VMware’s ESX KOs Microsoft’s Hyper-V in virtualization face-off

VMware’s maturity gives it the edge in manageability, stability.

After two months of rigorous testing of both performance and feature sets, veteran VMware gets the nod over newcomer Hyper-V. Page 28. For results of performance test, go to www.nwdocfinder.com/6721.
Enterasys CEO dies suddenly

25-year industry veteran Mike Fabiaschi remembered as champion for customers. Page 8.


Four steps to take control of your mobile devices

Securing and managing every device and connection, educating users is key. Page 11.


Will Android battle the iPhone for corporate users?

While T-Mobile's Android-powered G1 phone is intended to take on Apple’s iPhone, it has a long way to go before it can be considered an enterprise device. Page 17.


Fighting terrorists with biometrics

Biometrics has become a favored security technology of the federal government, which is using it in Iraq to identify bomb makers. Page 21.
Microsoft muscling up Windows

High-performance  computing  server  faces  established  challengers 


BY  JOHN  FONTANA 

Microsoft has built a strategy around the planned early-November release of its high-performance computing server that it hopes will be the catalyst to deliver massive computing power for future applications.

Microsoft will apply its strategy of “simplifying computing” to the costly and often complex high-performance computing world. In this case it is featuring its Windows HPC Server 2008 surrounded by Microsoft’s collection of applications, management wares, development tools and independent software vendor community.

“We are not talking about a lot of unique product development here; it is mostly about packaging and coming up with appropriate licensing,” says Gordon Haff, an analyst with Illuminata. “But as HPC becomes more and more mainstream and used for all kinds of commercial roles, whether it is product design or business analytics, Windows is not such an unnatural fit as it might have been in the past.”

More on Microsoft

Ballmer still searching for an answer to Google. Page 12.

Windows 7: Seven developments you should know about. Page 15

Microsoft  last  week  said  it  would  release  on  Nov.  1  HPC 
Server  2008,  the  company’s  See  Microsoft,  page  16 


Unified  threat  management  catching  on 


BY  TIM  GREENE 

Customers using unified threat management devices say the appliances represent a more streamlined way to provide multiple security functions and track down security data, but they don’t adequately meet all gateway security needs.

This category of equipment is about 4 years old and is growing fast — IDC projects more than $3 billion in sales in 2011. UTMs offer a way to simplify networks by eliminating boxes.

For instance, the Columbia Association, a nonprofit government agency that oversees the planned city of Columbia, Md., switched this year to using Cisco ASA routers with UTM features that enabled the association to drop a VPN concentrator, firewall and intrusion-detection system — all Cisco gear, as well as the Cisco Security Agent software deployed on the association’s servers.

Instead, the ASA performs all those functions, says Nagaraj Reddi, the association’s IT director. Adopting the ASA to pick up the functions of the individual products gave him a way to assess quickly what otherwise would have been spread across four other platforms. “We had nothing to put these logs together,” he says. “Now we can monitor them all in one place.”

This kind of unified reporting from UTMs can give a broad view of overall network health and activity, says Grant

See UTM, page 36


UTMs  are  not  for  everybody 

Unified threat management platforms bring together multiple security functions on a single piece of hardware, but they aren’t always the perfect solution.

| Pros | Cons |
|---|---|
| A single device streamlines network architecture. | Individual applications may not have all the features of stand-alone appliances. |
| Integrated security functions make for simpler administration. | Redundant boxes are needed to avoid single points of failure. |
| Unified reporting gives a more complete picture of network and security status. | Shared CPU may force upgrading to larger boxes or offloading individual apps to separate appliances to avoid performance drops. |
| IT staff has less equipment to learn about. | Platforms may not support all the apps needed. |



SMART  MFPs? 

HOW  ABOUT  GENEROUS  TOO? 


Start  with  paying  up  to  30%  less  for  your  color  printing.  Then  add 
in  getting  color  accents  for  the  price  of  a  black-and-white  page. 

The  HP  CM8060  MFP  with  Edgeline  Technology  doesn't  stop  there:  it  also 
prints  and  copies  50  color  pages  a  minute,  so  your  organization  can 
be  even  more  productive.  That's  alternative  thinking  about  printing. 


hp.com/go/8060 


© 2008 Hewlett-Packard Development Company, L.P. Simulated images.
COOL TOOLS

Logitech's Squeezebox Boom Network Music System can access music stored on a PC hard drive or over the Internet.

See Cool Tools, page 26.
Calculating the cost of communicating.
VMware’s ESX KOs Microsoft’s Hyper-V in virtualization face-off

VMware’s maturity gives it the edge in manageability, stability.

After two months of rigorous testing of both performance and feature sets, veteran VMware gets the nod over newcomer Hyper-V. Page 28. For results of performance test, go to www.networkworld.com/6721.


TREND  WATCH 


A special editorial issue examining how information protection, identity-centric access control, security event management and managed security services are shaping new enterprise defenses. www.nwdocfinder.com/6850


GOODBADUGLY 

Google wants you to change the world

Google changed the world with a simple idea, and now is offering $10 million to help anyone who can do the same. A new Google project encourages people to submit ideas for changing the world, then vote on the ones with the potential to help the most people. It's been named Project 10^100 (pronounced “Project 10 to the 100th”), after the numeric value of a “googol.”


When “OK” isn’t

Psychologists at North Carolina State University found that computer users have a hard time distinguishing between fake Windows warning messages and real ones. An experiment testing the responses of 42 students browsing the Web found that 63% would click “OK” whenever they saw a popup warning, whether or not it was fake.

ISP has off and on week

Pressure from computer security researchers may have knocked ISP Intercage offline, but not for long. The company, accused of being a haven to online criminals, got itself back online last week just days after its last upstream network provider, Pacific Internet Exchange, dropped it as a customer. Intercage president Emil Kacperski said Pacific did not tell him why his company had been knocked offline, but he believes it was in response to pressure from Spamhaus, a volunteer-run antispam group.


A  snapshot  of  how  networkworld.com 
visitors  voted  on  a  key  networking  issue 
last  week: 


Will  Hyper-V  kill  off  VMware  like  IE  killed 
Netscape? 


What’s Netscape? 4%

Looks like it 40%


Total  voters  for  this  poll:  159 

Vote  and  discuss:  www.nwdocfinder.com/6849 
PEERSAY


Why we haven’t moved to Vista

Re: Vista: IT loves it, hates it (www.nwdocfinder.com/6825):

I am the IT manager of a company that has about 1250 seats spread out across five states, and we have a combination of Windows 2000 and XP on the desktop. We have stayed away from Vista because of the hardware requirements. We tend to hold on to desktops for about five years or more, and most of our hardware is not capable of running Vista. Most of our desktops only have 512MB of memory in them and 2.0GB Celeron processors, and they do not have Accelerated Graphics Port cards for the video. The upgrade cost for us would be enormous. So, that is the first reason we have not taken the path to Vista.

The  second  reason  is  that  some  of  the  third- 
party  software  we  run  does  not  support  Vista. 

The third and probably most important issue is that there is no business reason to upgrade. Most of our users are doing terminal emulation, word processing, spreadsheets and presentations, and that does not take a supercomputer to run on or a pretty front end. There is not a business need for us to have pretty, gee-whiz graphics to run these applications. We usually do not adopt a new operating system until at least the first Service Pack has been released. But in this case there is no driving business need to go to Vista. We do not have this problem on the systems that we run: i5 (AS/400), AIX or Linux. I have been in the IT business for 35 years, and it takes a lot less money and staff to support the other hardware and operating systems than it does my Windows environment.

Alan  Clark 

Discuss  at  www.nwdocfinder.com/6826 


►  SPECIAL  NETWORK  WORLD  FEATURE 


“Far too many project managers get into the habit of not truly owning their projects because they can blame failure on something or someone else.”


SCAN THIS CODE with your cell phone to get the latest IT network news delivered to your cellular device.

To get the client software, use your phone browser to visit wap.connexto.com

For more information on code scanning see www.nww.com/codescan


Holding project managers accountable

Re: An objective way to evaluate project managers (www.nwdocfinder.com/6827):

When things are subjective, it is far too easy for them to get swept under the rug and for small problems to turn into major issues before they are found.

We use earned-value management on my project, and although there is some overhead, it helps to hold company project managers accountable.

Even when metrics are in place, you have to watch out for sponsors that are too forgiving and accept excuses. Life happens, but far too many project managers get into the habit of not truly owning their projects because they can blame failure on something or someone else.

Josh  Nankivel 

Discuss  at  www.nwdocfinder.com/6828 

Not  the  right  medium  for 
private  e-mail 

Re:  Palin’s  private  e-mail  hacked,  posted  to 
’Net  (www.nwdocfinder.com/6829): 

“Free” e-mail services such as Yahoo and Gmail are inherently insecure. When you are using such services, assume that everything you type is being sent to the entire world.

Steve  Crye 

Discuss  at  www.nwdocfinder.com/6830 

Who  cares  if  Google  calls 
them  beta? 

Re:  Almost  half  of  Google  products  — 
including  4-year-old  Gmail  —  remain  in 
beta:  Why?  (www.nwdocfinder.com/6851): 

Beta  tag  or  no  beta  tag,  what  matters  is  the 
actual  quality  of  a  product.  As  far  as  I  have 
seen,  Google’s  products  are  at  least  as  stable 
as  many  others. 

As  long  as  software  can’t  be  guaranteed  to 
be  bug-free,  which  holds  for  all  on-  or 
offline  consumer  software  available,  it 
should  be  labeled  beta. Then  we  will  finally 
have  stopped  fooling  each  other. 

Neither  Google  nor  any  other  company 
has  the  luxury  not  to  take  responsibility  for 
their  products. This  has  nothing  to  do  with  a 
beta  tag,  and  everything  with  market. 

Mattijs  Kneppers 

Discuss  at  www.nwdocfinder.com/6851 

E-mail letters to jdix@nww.com or send them to John Dix, editor in chief, Network World, 492 Old Connecticut Path, Framingham, MA 01701-9002. Please include phone number and address for verification.
SECURITY VIDEO:


INTERVIEWS,  THE  COOLEST  TOOLS  AND  MORE 


IDG  NEWS  WIRE 


Touring the hacker underground

Jason Meserve dives into the secret chat rooms used by thieves to trade credit-card and other stolen personal information.

www.nwdocfinder.com/6838

T-Mobile launches G1 Android phone

Google’s open source mobile Android software makes its debut on the HTC G1 phone, which will run on T-Mobile’s 3G network.

www.nwdocfinder.com/6839

Sharing knowledge in a Web 2.0 world

Learn how enterprises can tie together blogs, RSS feeds, e-mail, intranets and other Web 2.0 assets for sharing corporate knowledge.

www.nwdocfinder.com/6840
Hurricane Ike and the electronic divide


BLOGOSPHERE


■ T-Mobile worries G3 network not up to snuff for Android. Mitchell Ashley writes in his Converging on Microsoft blog: “T-Mobile reversed a decision about the Google Android G1 phone this week. One of the under-reported aspects of the Google Android G1 phone was that T-Mobile would throttle data rates for users who exceeded 1GB per month. Excuse me? Now there’s a dumb decision, and it looks like T-Mobile has realized the errors of their ways, backing off that decision. So, you have to ask why T-Mobile made such a decision in the first place. Two likely possibilities jump to mind: T-Mobile anticipated it might be overwhelmed with customers buying and using the G1 Android phones to surf the Internet, trying out and showing off their new smartphone doodad; or T-Mobile has genuine concerns about the capacity or resilience of its new G3 network.” www.nwdocfinder.com/6844

■ Gartner advises Cisco customers to proceed with caution with the company’s WAAS wares. Larry Chaffin writes in his Putting Realism Into Your Network blog: “Gartner tells us all what we already knew about the Cisco [Wide Area Application Services], it is immature. . . . Gartner put this paper together after getting feedback from Cisco WAAS customers, so this is not a competitive company making these claims. Gartner said problems with software quality and stability issues should make customers wary and that the product is still immature compared with its competitors. It reported that customers say Cisco WAAS does not meet Cisco’s standards and it has taken some customers six months or more to resolve significant bugs.” www.nwdocfinder.com/6845

■ Internet users easily fooled by bogus popups, study finds. The Alpha Doggs blog reports: “Most Internet users can’t tell the difference between legitimate popup warnings on their computer screens and fake ones designed to trick people into downloading malware, according to a new North Carolina State University study. And that's even when warned not to click on suspicious-looking popups. ‘This study demonstrates how easy it is to fool people on the Web,’ said study co-author Michael Wogalter, professor of psychology at NC State, in a statement. Then again, he said he wasn’t really sure how credible companies could come up with warnings that couldn’t be duplicated by malware purveyors.” www.nwdocfinder.com/6847


Tech exec: Covering an area of 640 square miles, Houston is home to more than 2 million people — almost 4 million if you count the full metropolitan area. The center of Houston is only about 50 miles from the Gulf Coast. Normally we Houstonians like our proximity to the sea: Galveston Island and other nearby beach towns are our playground throughout the year. Just four days ago, however, Hurricane Ike changed all that. Making landfall on the eastern end of Galveston, Ike raced across the narrow island and into Galveston Bay, then up the Houston Ship Channel and straight into the annals of history. On his way to becoming one of this country’s most costly natural disasters, Ike struck a terrible blow to Houston and many surrounding communities. This article isn’t about the real human suffering of those who were killed or injured, or who lost their homes or livelihood. I couldn’t begin to cover that tragic news. My story is about something much more familiar to Network World readers: the disruption to our electronic lives. For years we have been hearing about the digital divide — the chasm created when one portion of the world’s population has full access to the broad range of knowledge posted to the Internet and the rest of the population does not. This week, courtesy of Hurricane Ike, I am learning about another kind of divide. Call it the electronic divide, if you like. It’s the difference between having and not having access to the utilities we all take for granted: electricity, phone and even Internet. It also emphasizes the manmade weaknesses we create when we are too dependent on technology. www.nwdocfinder.com/6833

Messaging: In 2004, Jeremy Jaynes was sentenced to nine years in prison for violating Virginia’s fairly restrictive antispam law. Earlier this year, he appealed to Virginia’s Supreme Court, and his conviction was upheld. He appealed again, and the week before last, his conviction was overturned. The court ruled that the Virginia law was too broad because it did not provide an exemption for religious and political spam messages. The court, in rendering its decision, agreed that spammers have the right to express their political or religious beliefs even if they forge their identity. I believe that the Virginia ruling will have significant long-term impacts on users of messaging and unified communications. www.nwdocfinder.com/6834
CUSTOMER CARE THAT SUITS YOUR BUSINESS

Years of experience enables Sprint customer care representatives to consistently provide solutions that keep enterprise networks at peak performance and availability.


When a nationwide bank was looking to replace the dialup ISDN lines that linked ATMs around the country to its data center, the Sprint customer care team came up with a novel solution. It started with wireless connectivity from the ATMs to the Sprint MPLS network that connected to the bank’s data center, a solution that cut monthly service costs by more than half.

But the bank also needed a cost-effective solution for managing the wireless modem and Sprint Mobile Broadband card at each ATM location. That’s when the design team hit on a deal-making idea.

“The  customer  already  had  a  field  force  of  ATM  technicians  who 
would  have  to  be  on  site  if  there  was  any  kind  of  failure,”  says  Art 
Constantine,  a  Director  of  Wireline  Service  Delivery  at  Sprint.  “We 
created  a  toolkit  for  them  with  spare  equipment  in  it  for  the  wireless 
network.  Anytime  they  use  anything  out  of  the  toolkit,  they  let  us  know 
and  we  send  them  a  new  one.” 

Sprint customers benefit every day from that kind of innovative thinking on the part of Sprint customer care teams. The bank’s experience shows how the Sprint team works together on behalf of customers to help them control costs while implementing services that give them a competitive edge. It also shows how Sprint can seamlessly implement converged wireline and wireless solutions, an important capability in an era when employees must be enabled to work virtually wherever and whenever they need to conduct business.

Of course customer requirements vary widely, so Sprint offers an array of services to address their varying needs. Whether it’s a converged voice, data and video network, a managed service or an international network, Sprint has the products - and support - to keep the network up and running.

SATISFIED  CUSTOMERS 

Employees,  partners  and  customers  alike  expect  the  network  to  be 
“always  on,”  so  support  has  perhaps  never  been  more  important.  And 
Sprint  is  achieving  high  grades  from  its  customers. 

Wireline customer service satisfaction has shown consistent improvement, culminating in more than 94% of customers saying in June 2008 that they are satisfied with the performance of the Sprint business service center overall as well as their individual representative, according to the GfK Custom Research North America, which conducts monthly customer satisfaction surveys for Sprint (see graphic).

Jerry Williams, Sprint Director of Customer Care for Implementation Support, says those scores stem from the experience of the Sprint team. The average Sprint wireline support specialist has been on the job for more than 12 years, and the specialists have an attrition rate of only 1.2% per year.

“We  have  people  who  can  think  outside  the  box,  and  we  go  outside 
the  box  a  lot.  People  feel  confident  doing  what  they  need  to  do  to  take 
care  of  customers,”  Williams  says. 

OFFERINGS  FOR  EVERY  NEED 

Sprint  provides  myriad  offerings  designed  to  meet  the  support  needs 
of  any  customer,  including: 

Dedicated account management: All members of your Sprint account team have their own specific responsibilities. As your product and service requirements grow, so will your account team.

Enterprise network design: Sprint has a specialized organization, the Enterprise Network Design Group (ENDG), to assist in determining the best technological solution for your business applications.

Implementation  project  management:  Sprint  provides  a  single 
point  of  contact  that  works  closely  with  the  customer  team  to  ensure 
successful  project  implementation.  This  dedicated  Implementation 
Project  Manager  (IPM)  supports  every  part  of  the  process  and  is  an 
integral  part  to  the  planning,  design  and  execution  of  the  customer’s 
customized  solution. 


CONSISTENT SATISFACTION

In ongoing satisfaction surveys, Sprint customers report consistently high grades for the Sprint Business Service Center overall as well as for individual representatives.

[Charts: Overall Business Service Center Satisfaction; Overall Satisfaction with Business Service Center Representative. % Very Satisfied/Satisfied: Q2 ’07 93.2; Q3 ’07 90.9; Q4 ’07 92.8; Q1 ’08 94.3; Q2 ’08 94.6]

SOURCE: GfK Custom Research North America surveys conducted for Sprint. More than 600 customers participated in each survey.


Performance management: In addition to monitoring its own network 24x7, Sprint offers its business customers Compass, a web-based, on-demand support tool to optimize and manage their own IP/MPLS networks. Compass is a self-service portal that allows users to:

•  Quickly  locate  network  connections,  ports  and  configurations 

•  Obtain  real-time  network  status  and  performance  statistics 

•  Access  historical  reports  and  Class-of-Service  policy  performance 

•  Perform  initial  troubleshooting  and  testing  prior  to  reporting  an  issue 

•  Initiate  network  change  requests 

Global  customer  resource  centers:  From  regional  support  centers 
in  Europe,  Asia-Pacific  and  the  Americas,  Sprint  provides  in-language 
troubleshooting  during  local  customary  business  hours  as  well  as 
after-hours  support. 

Sprint takes pride in providing business customers the best support possible for their wireline and other Sprint services, including for converged wireless/wireline networks. It was especially gratifying, then, to earn 2008 Domestic Wholesale Best in Class awards in categories of Provisioning and Customer Service from the consulting and research firm ATLANTIC-ACM.

“We  take  time  to  get  to  know  our  customers  and  understand  what’s 
important  to  them,”  as  Constantine  puts  it.  “We  set  expectations  that 
are  achievable  and  meet  the  customer’s  needs.  And  then  we  strive  to 
meet  those  commitments.” 


Learn  more  about  what  Sprint  can  do  for  you 

Visit:  www.sprint.com 
Cisco releases bundle of router security patches

Cisco has issued a set of security patches for the Internet Operating System software used to power its routers and switches. The patches were published last Wednesday, the date Cisco had previously set aside as the latest release date for its twice-yearly IOS patches. Cisco also published 12 security advisories describing the bugs, noting that many of these vulnerabilities could be exploited by attackers to crash an IOS device. One of the bugs, a flaw in SNMP, could be exploited by an attacker to seize control of the router. However, only specially configured Cisco uBR10012 series devices, used by telecommunications companies to connect broadband customers to the Internet, are affected by the flaw, Cisco said. Symantec rates this flaw critical and advised users of these devices who have configured their routers for linecard redundancy to apply the patches as soon as possible. Other bugs that were patched affect Cisco’s multicast, SSL processing, and Session Initiation Protocol software. www.nwdocfinder.com/6852


Sprint’s WiMAX network set for October launch. After months of anticipation, Sprint Nextel will make its WiMAX network available commercially for the first time in Baltimore next month. Some had questioned Sprint’s commitment to rolling out WiMAX services last year after ex-CEO and WiMAX proponent Gary Forsee resigned. The mobile broadband technology’s future was further clouded after Sprint and rural carrier Clearwire last November called off their plans to jointly build out a nationwide WiMAX network. But after securing investments from several major technology and communications companies — including Google, Intel, Comcast, Time-Warner Cable and Bright House Networks — Sprint and Clearwire teamed again to create a $14.5 billion WiMAX venture. The group’s goal has been to roll out services in Baltimore, Washington, D.C., and Chicago this fall, with plans to launch the technology nationwide next year. www.nwdocfinder.com/6853

OpTier raises $62 million in funding. OpTier landed more than $62 million in new funds to augment development of its business transaction-management software and promote company growth, potentially via acquisition. OpTier, founded in December 2002, closed a fourth round of funding totaling $47.5 million from new investors Index Ventures and Morgan Stanley and existing investors Pitango Venture Capital, Carmel Ventures, Lightspeed Venture Partners, Gemini Israel Funds and strategic partner Cisco. Separately, OpTier announced it secured a $15 million credit line with Plenus Venture Lending, an Israel equity-based debt fund that provides credit facilities to revenue-stage technology companies. The funds will be put to use to “aggressively pursue plans to enhance and broaden the company’s offerings in the business transaction-management market via acquisition and organic development,” a company statement reads. www.nwdocfinder.com/6854

NASA ramps up weather research with supercomputer cluster. NASA’s Center for Computational Sciences is nearly tripling the performance of a supercomputer it uses to simulate Earth’s climate and weather, and our planet’s relationship with the sun. The agency is deploying a 67-teraflop machine that takes advantage of IBM’s iDataPlex servers, new rack-mount products originally developed to serve heavily trafficked social-networking sites. The servers use an innovative design that saves on power and cooling costs by placing the servers sideways and using a liquid-cooled rear-door heat exchanger. At NASA, scientists are integrating the iDataPlex cluster with an existing system, resulting in the addition of 1,024 quad-core Intel Xeon processors and raising performance capabilities from 25 to 67 teraflops (trillion calculations per second). www.nwdocfinder.com/6855

Intrusion-prevention systems still not used full throttle. Network-based intrusion-prevention systems are inline devices that detect and block a wide variety of attacks, but the equipment still is used often more like an intrusion-detection system to monitor traffic passively, new research shows. Infonetics Research interviewed 169 security professionals responsible for managing IPSes in their organizations to find out whether the full features of the IPS filters for blocking attacks were actually used, and the reasons why they weren’t. The first step in an IPS typically is the decision to use it in-band or not; Infonetics found that 91% of TippingPoint (which commissioned the study) customers did so, along with 70% of Cisco customers, 67% of IBM and McAfee customers, and about 55% of Sourcefire customers. Reasons cited for not wanting to run an IPS in-band were reliability, throughput, traffic latency and false positives. “People are still very cautious with IPS,” says Jeff Wilson, principal analyst for network security at Infonetics. “My main impression is we are still not in an all-IPS world, as much as everyone would like to pretend we are.” www.nwdocfinder.com/6856

Microsoft pitches data-center tent. IT professionals are pushing the
operating parameters that server vendors recommend for such factors as air
temperature and humidity and finding that servers often are far hardier
than they expect. The difference can mean significant operations savings.
Microsoft recently found that a little rain, uncontrolled temperature and
even leaves sucked into server fans had no negative effect on servers. In
a small experiment, two Microsoft employees put five HP DL585 servers in a
large, metal-frame tent outside from November 2007 through June 2008 and
had zero failures. “While I am not suggesting that this is what the data
center of the future should look like ... I think this experiment
illustrates the opportunities that a less conservative approach to
environmental standards might generate,” wrote Christian Belady, principal
power and cooling architect, in a blog post. Similarly, Intel recently
published a study about a data center test it conducted that relied almost
exclusively on outside air for cooling. The test environment had a failure
rate very similar to the failure rate of one using traditional air
conditioning and humidity controls, Intel found.
www.nwdocfinder.com/6857 

Unisys CEO steps down. Unisys CEO Joseph McGrath will resign his position,
the company said last week. McGrath, who will continue running day-to-day
operations until a successor is found, has held the top job since 2005,
but the board now is searching for a new leader. On July 23 Unisys
reported that revenue for the second quarter of 2008 declined 3% to $1.34
billion from $1.38 billion in the same quarter last year. The company’s
strategic focus was outsourcing, enterprise security and open source
services, in the face of lower revenue during the quarter, primarily
because of weakness in the financial services industry, McGrath said in
July. Recently Unisys announced the availability of its services-based
solutions for Microsoft Windows Server 2008 Hyper-V and the Microsoft
System Center management suite.
www.nwdocfinder.com/6858
Enterasys CEO Fabiaschi dies suddenly

Chairman Mark Stone named interim CEO

BY  JIM  DUFFY 

Enterasys  President  and  CEO  Mike  Fabiaschi 
passed  away  suddenly  last  week  at  his  home 
in  Rye,  N.H.  He  was  53. 

Enterasys  Chairman  Mark 
Stone  has  been  named  interim 
CEO. 

Fabiaschi, a 25-year industry veteran, joined Enterasys in April 2006. He
came to the company from management software giant CA, where he was a
senior vice president responsible for launching CA’s efforts in the
telecommunications vertical and for its fault and performance management
software business.

Prior to CA, Fabiaschi was president and CEO of Aprisma, a fault- and
performance-management company that was spun out from Enterasys in 2002
and bought by The Gores Group, which leads the private investor group that
purchased Enterasys in March 2006.

“Mike led Enterasys and other technology companies with a passion for
driving customer-centric changes and sales skill leadership,” Stone said
in a statement. “He put his heart and his mind into every effort in both
his personal and professional life. Mike leaves a remarkable legacy that
his business associates and friends will benefit from for years to come.”

Fabiaschi had just helped swing a $550 million deal for Gores to acquire
Siemens’ Enterprise Communications group and combine it with Enterasys and
other Gores assets. The deal enabled Enterasys to obtain a significant,
multibillion dollar presence in VoIP, security and wireless in order to
better compete with Cisco in the Ethernet switching market.

Fabiaschi hinted at such ambitions months before the deal.

“Mike was an outstanding individual, a valued friend and he will be sorely
missed by everyone,” said Alec Gores, founder, chairman and CEO of The
Gores Group, in a statement. “Our sympathies are with his wife and family
during this difficult time.”

Fabiaschi  is  survived  by  his  wife  and  two 
daughters,  one  grandchild,  four  siblings  and 
his  father. 

Fabiaschi also served as chairman, president and CEO of LPA/XELUS, a
service and supply chain management software company in the high-tech,
transportation, aerospace and defense industries. He also served as
president and CEO of Zamba/Racotek, a public wireless networking and CRM
systems provider.

Prior to Zamba/Racotek, Fabiaschi held several senior sales positions at
MAI Basic Four and Burroughs Corporation.

“The industry has lost a great leader,” said Network World CEO John
Gallant. “Mike was a champion of the view that customers are your best
asset and he worked so hard to build and nurture strong customer
relationships. He really focused on making the companies he worked with
more responsive and open to customers and ensuring that their needs were
met. IT executives have lost a good friend and the industry is diminished
by his passing.”

Here’s  what  one  of  Fabiaschi’s 
Enterasys  customers  wrote  to  us: 

“The news today of the passing of Mike Fabiaschi has saddened us all here
at UNC. Our prayers and concerns go out to his family and all in Enterasys
who were privileged as we were to work with Mike.

At  a  personal  level,  Mike  was  to  all  of  us  a 
likable,  warm  fellow.  However,  it  was  his 
character  and  values  that  he  brought  to 
business  that  are  most  unique.  It  is  hard  to 
put  into  words  these  values.  Those  that 
stand  out  to  me  are: 

•  Real  customer-driven  business,  not  just  lip 
service 

•  True  customer  engagement 

•  Develop  the  best  products 

•  Be  the  best,  not  necessarily  the  biggest 

•  Differentiate  from  other  companies 

•  Bring  value  to  your  products 

•  Support  employees  who  produce 

•  Standards-based  products  taking  the 
longer,  wider  view 

•  Leadership  without  arrogance 

In our world there is much news of big business doing illegal and
unethical things. When constant reminders of this would invariably get me
down, I would always remember Mike Fabiaschi and know it was possible to
run a business AND do it right. He will be missed.”

Mike  Hawkins 
Associate  Director  of  Networking 
University  of  North  Carolina  at  Chapel  Hill 

To read more comments readers left in memory of Fabiaschi, go to
www.nwdocfinder.com/6843 ■


Enterasys President and CEO Mike Fabiaschi was known for making companies
more responsive to customer needs.


InBrief 


McAfee  to  acquire  Secure 
Computing 

McAfee announced an agreement to acquire Secure Computing in a transaction
valued at $465 million. The deal is aimed at combining Secure Computing’s
strengths in firewall, Web and e-mail gateway filtering with McAfee's
intrusion prevention, desktop encryption, data-loss prevention,
antimalware and regulatory compliance technologies. John Pescatore, an
analyst at Gartner, says the merging of these security firms provides a
benefit of scale in product offerings. “It gives McAfee and Secure
Computing a way to compete with Cisco and Juniper,” Pescatore says. But he
also notes there is overlap in the product lines with both vendors
supplying Web gateways. McAfee, headquartered in Santa Clara, Calif., has
4,558 employees globally and Secure Computing, with about 900 employees,
is headquartered in San Jose. The vast majority of Secure Computing
employees are expected to join McAfee.

Red  Hat  beats  earning 
estimates 

Red Hat slightly topped analysts' estimates by posting revenue for the
fiscal 2009 second quarter of $164.4 million. Analysts polled by Thomson
Reuters had been expecting $163.6 million from the Linux and open source
software vendor. Red Hat’s second-quarter revenue represents a 29%
increase over the same quarter a year ago. Net income for the quarter was
$21.1 million, a nearly 16% increase over last year. During the company's
earnings call with financial analysts, Red Hat CEO Jim Whitehurst said the
vendor continues “to see strong renewal and up-sell from our customer
base. Cost savings is resonating well.” The company’s JBoss middleware
business is growing at a rate that is more than twice that of Red Hat’s
platform business anchored by the Red Hat Enterprise Linux operating
system, Whitehurst said.

IBM launches four cloud-computing centers

IBM opened cloud-computing centers in four countries last week to let
enterprises, universities and governments test Web-based services and
applications. The cloud-computing centers are in Bangalore, India; Hanoi,
Vietnam; Sao Paulo, Brazil; and Seoul, South Korea. Cloud computing is a
new technology, and issues such as usage models need to be studied, said
Ponani Gopalakrishnan, vice president of IBM’s India Software Lab.
Another Day, Another Crisis?

The  Common  Denominator  in  Performance  Nightmares 


Just  Another  Day  at  the  Office 

You’ve  probably  had  it  happen,  and 
there’s  nothing  quite  like  it.  First  thing 
Monday  morning,  a  “MUST  be  handled 
before  noon!”  list  of  emergencies  hits  you 
in  the  face: 

•  The  sales  manager  is  squawking 
because  CRM  database  is  slow. 

•  Accounting  is  nagging  because 
email  is  slow. 

•  The  NAS  server  is  averaging 
unacceptably  high  counts 
of  queued  disk  I/Os. 

•  You’re  getting  constant  poor 
performance  alerts  from  the  SAN. 

•  Backups have not been completing during the backup window.

These  nagging,  ulcer-creating  problems 
are  also  the  subject  of  several  emails  from 
the  CFO  because,  on  top  of  being  bad 
for  company  production,  in  this  time  of 
economic  uncertainty  they’re  also  bad  for 
business.  Work  is  being  slowed  down  and 
the  company  is  losing  money. 

The  Culprit 

The  common  hardware  denominator 
to  all  these  crises  is  the  hard  drive — the 
slowest  link  in  a  computer  system.  If  the 
data  on  a  hard  drive  is  fragmented,  that 
already  dragging  weakest  link  becomes 
agonizingly  slower. 

With frenetic requirements for continuous data access, enormous files and
huge disk capacities, fragmentation is worse than ever; files in hundreds
or even thousands of fragments aren’t at all uncommon. Brett Taylor, of
Van Wert Medical Services, discovered just how bad it can get. “Our
electronic medical records server is a Microsoft® SQL Server® and one day
it came to a halt,” he says. “I did everything: ran spyware software,
deleted numerous temp files, ran Windows® update, etc. but nothing would
allow the server to run. It turned out that the hard drive was horribly
fragmented.”

Craig Merchant of Pace Engineering, San Francisco, discovered very similar
problems. “I get a huge amount of fragmentation when I run multiple
virtual machines on my system using VMware®,” he reports. “I’ve had as
much as 20% fragmentation that the Windows defrag utility couldn’t get rid
of. In my experience, virtual machines fragment their disks as much as
real machines. But Windows systems running VMware tend to have extreme
fragmentation problems, particularly when running multiple VM’s.”

Making  Mondays  Go  Away 

Making  the  right  defragmentation 
technology  choice  in  today’s  frantic 
fragmentation  environment  is  vital. 
Scheduled  defragmentation  has  become 
a  problem  due  to  the  IT  hours  required 
to  schedule  defragmentation  and  the 
downtime  required  for  the  defragmenter 
to  run.  But  worst  of  all,  scheduled 
defragmentation  is  no  longer  fully 
addressing  fragmentation. 

The only solution that stands up to today’s escalating fragmentation is
Diskeeper®. Diskeeper’s proprietary InvisiTasking® technology makes for
completely automatic, invisible defragmentation. Because it utilizes
otherwise idle resources, it requires absolutely no scheduling, freeing up
IT time for more important tasks. There is never a negative performance
hit during defragmentation, and system performance and reliability are
consistently maximized.

Reliability  and  Performance 
Issues  Become  Nonexistent 

Mike Driest, Network/Systems Administrator for Industrial Control Repair
in Warren, Michigan, has found Diskeeper to be the only solution.
“Automatic disk defragmentation for a server is like oil for the engine in
your car,” he says. “One of the most useful features about Diskeeper, when
using it on our 20+ servers, is the automatic defragmenting with
InvisiTasking. Diskeeper helps all of our servers (Domain Controllers,
File, Exchange, SQL, Web, etc.) perform at their very best. Reliability
and performance issues relating to a lack of defragmentation do not exist
in our environment.”

Diskeeper has proven the solution for Andrew Wise, Senior Network Engineer
at Datacore Marketing in Westwood, Kansas as well. “We run Diskeeper
primarily on our SQL database servers with Fibre Channel SAN
connectivity,” he says. “It keeps the database and log files defragmented
at the OS level to reduce the I/O on our SAN. After installing Diskeeper
and doing a full defrag, we noticed around 10-15% reduction in the amount
of I/O generated and in the amount of time it took for the SAN to service
each request. We are a Microsoft SQL Server database shop and we process
terabytes of SQL data on a daily basis, so any reduction in the amount of
time it takes to do that processing saves us money.”

Diskeeper  with  InvisiTasking  makes  for 
smooth,  calm  Monday  mornings  for  these 
and  thousands  of  other  enterprises  the 
world  over.  Take  advantage  of  our  special 
offer  and  find  out,  free  of  charge,  what  it 
can  do  for  you. 


SPECIAL  OFFER: 

Discover  how  vital  Diskeeper 
with  InvisiTasking  is  to  you: 

Get  your  FREE  fully  operational 
trial  version  for  45  days  now! 
(Extended  from  30  days) 
Download  at: 

www.diskeeper.com/performance 

Volume  licensing  and  Government/Education 
discounts  are  available  by  calling  800-829-6468, 
extension  4145. 
Nortel looking more to software

Company’s  Metro  Ethernet  Networks  business  is  up  for  sale 


BY  JIM  DUFFY 

Nortel’s  decision  to  divest  its  carrier 
Ethernet  and  optical  businesses  was  based  on 
the  company’s  shift  to  a  more  software-driven 
business  model,  the  outgoing  head  of  those 
businesses  says. 

Nortel is shopping its Metro Ethernet Networks unit to raise cash for
other key product areas, which now include carrier VoIP, enterprise and
“application services,” says Philippe Morin, departing president of the
MEN business. Morin will go to the company that acquires the division.

“Nortel is really stating that it’s now going to focus more on application
services — what we basically call ICT, or Information, Communication and
Technology,” Morin says. “When you look at MEN . . . it’s addressing a
unique market — different from all of the other businesses at Nortel — and
it’s a market that requires consolidation.”

MEN is a $2 billion business that accounts for 14% of Nortel’s revenue.
It’s the smallest piece of the company pie after carrier, enterprise and
services, but includes much more than just Nortel’s Metro Ethernet Routing
Switch (MERS) 8600, the pillar of the company’s ambitious Provider
Backbone Transport campaign for building more efficient metro Ethernet
networks. MEN also includes optical infrastructure products, such as the
OME 6500 and 40G and 100G metro- and long-haul transport systems, as well
as the Passport 7000 and 15000 series multiservice switches. Optical and
multiservice switches are multibillion-dollar markets — the optical
transport market is three times the size of the carrier Ethernet market.

BILLIONAIRE BUSINESS

The Metro Ethernet market exceeded $1.4 billion in Q2, almost three times
its size during the second quarter three years ago, according to Dell'Oro.
The market is expected to near $6 billion for the year.

So, MEN’s $2 billion in revenue and 400,000 installed network elements are
parsed among three sizable markets, not just carrier Ethernet.

The market is crowded, as Morin suggests, but also booming. In addition to
Nortel, there are 20 vendors making carrier Ethernet switches, all vying
for a market growing at a compounded annual rate of 42.5%, to $4.6 billion
in 2007, according to Dell’Oro Group. The market exceeded $1.4 billion in
the second quarter of 2008, almost three times its size three years ago,
Dell’Oro says. It’s expected to approach $6 billion for the full year.

Nevertheless, “there are way too many players here,” Morin says.
“Everybody’s staring at each other saying, ‘Who’s going to pull out?’
We’ve been on that sort of path for the last three years.”

Morin wouldn’t say if there have been offers for the unit, only that there
is at least one interested party. The deal is not contingent on which
company might be the acquirer; the focus is on getting the most from MEN,
he says.

“We’re  looking  for  Nortel  to  get  the  most 
value  as  this  asset  is  worth  —  and  this  is 
basically  cash,”  Morin  says. “This  is  not  a  fire 
sale  —  we’re  looking  at  buyers  and  partners 
that  will  come  in  and  really  look  at  us  as  a 
way  to  consolidate  the  industry,  grow  and 
take  a  lead  in  that  market.” 

Other reasons behind the decision to divest MEN were Nortel’s need to
focus on fewer markets and to allow the MEN business to thrive under new,
less burdened ownership, Morin says.

“Couple [our momentum] with a new owner which is really focused into that
market, then . . . this is absolutely in my mind, in a great position to
lead and grow the market,” Morin says. ■


Open  source  could  fix  e-voting  flaws 


BY  JON  BRODKIN 

California Secretary of State Debra Bowen argued last week that open
source software can help fix some of the flaws in electronic voting
systems, which have proliferated throughout the country since the 2000
election, yet been criticized as unreliable.

Software  that  designs  ballots  and  operates 
electronic  voting  machines  would  benefit 
from  more  scrutiny,  Bowen  said  during  a  panel 
discussion  on  e-voting  at  EmTech,  the 
Emerging  Technologies  Conference  at  MIT.  As 
secretary  of  state, she  can  examine  the  code  of 
proprietary  software  under  nondisclosure 
agreements,  but  privileged  information  about 
voting-software  flaws  is  not  easily  accessed  by 
the  public  or  many  county  workers  given  the 
job  of  purchasing  voting  machines, she  said. 

“I have a separate set of documents that only I can see, that tell me what
some of the flaws are related to proprietary software,” Bowen said,
arguing it would be better to disclose all the software details through an
open source model.

Voting machines are purchased by individual counties rather than the
state, and in many cases the people purchasing these machines don’t have
any good way to verify their reliability, Bowen said. “We’re basically
asking a county IT professional, who may or may not have any experience in
crypto-security, to purchase a system,” she said. “The software is
proprietary. In most cases, the person who does the purchase has no legal
right to review the software, even if they knew what they were reviewing.”

Open source software could help design more effective ballots, Bowen said.
Ballots vary widely by city and neighborhood because there are many local
elected boards. One of the early problems California had with touch-screen
voting is that voters were sometimes presented with the wrong ballot, she
said.

Bowen,  a  former  lawyer,  state  legislator,  and 
Los  Angeles  County  poll  worker,  was  elected  to 
her  present  position  in  November  2006;  she 
then  commissioned  an  independent  review  of 
the  state’s  voting  technology  and  another 
review  of  its  election-auditing  standards. 


California’s reviews determined there are security flaws in every voting
system, whether it be a touch-screen voting machine or a system that scans
paper ballots marked by hand, Bowen said.

Anyone with a screwdriver would have been able to access the inner
workings of certain machines, Bowen said, and others were vulnerable to
computer hackers who potentially could change the results of elections. A
separate analysis in 2006 by Princeton University looked at the Diebold
AccuVote-TS voting machine and found it was vulnerable to extremely
serious attacks, including the installation of malicious code through a
removable memory card.

Bowen said she wants to move away from direct-recording electronic (DRE)
voting machines, which typically require voters to cast votes using
buttons or touch screens, because they lack a way to independently verify
results. Instead, she favors using optical scanning machines with paper
ballots, which allow hand counts if necessary. ■
SPECIAL FOCUS: WIRELESS NETWORKING


Four  steps  to  controlling  mobile  devices 


BY  JOHN  COX 


If you’ve ever let a stranger borrow your corporate smartphone, you may
have just given him a gift of your company’s data. The reason: he might
have palmed a small USB device called the CSI Stick, and surreptitiously
plugged it into your phone. The device can drain every bit of data from a
cell phone in seconds, says Patrick Salmon, a mobility architect for
Enterprise Mobile, a technology services company that specializes in
Windows Mobile deployments.

Increasingly, companies want to give mobile or field-based employees
direct, instant access to critical corporate applications previously
accessible only from a desktop. To do so, existing security authentication
and management infrastructures have to be extended and adapted so that
mobile devices, along with their data and wireless connectivity (cellular
or Wi-Fi), are managed as surely and fully as desktop PCs.

But that’s not the case in many mobile deployments today, according to
consultants who, like Salmon, specialize in working with enterprise
customers. “What we see is an ill-defined policy regarding devices,” says
Dan Croft, president and CEO of Mission Critical Wireless, a technology
services company that specializes in mobile deployments.

Often personal handhelds are granted wireless access, something that would
never be allowed with a personal computer, creating security
vulnerabilities, manageability challenges and tech support burdens, Croft
says. Companies don’t plan beforehand about how to handle lost, stolen or
broken

See  Wireless,  page  14 


Taming mobile devices for the enterprise

•  Use a comprehensive mobile device management suite.

•  Enforce the strongest password/PIN the devices support.

•  Know what you'll do when devices go missing.

•  IPsec and VPN keep network connections safe.

•  Allow connections only if clients pass muster.

•  Selectively encrypt device-based data: user information, certificates.

•  Unless you're the CIA, almost any encryption is better than none.


Google hasn’t heard last from Ballmer

Microsoft CEO also addresses Apple and economic, virtualization issues

“We need to do some work to fundamentally reinvent the search business
model.”
Steve Ballmer, CEO, Microsoft

BY  JAMES  NICCOLAI,  IDG  NEWS  SERVICE 

Microsoft  may  be  the  only  company  in  a 
position  to  provide  “any  real  competition”  for 
Google  in  the  online  search  business,  CEO 
Steve  Ballmer  said  last  week.  But  first  it  will 
need  to  figure  out  a  way  to  do  it. 

“We need to do some work to fundamentally reinvent the search business
model,” Ballmer said during a dinner at the Churchill Club in Silicon
Valley. “You don’t brute-force your way into a market. You only make great
strides when you redefine the category for the user.”

And that will take some time. “It’s a five-year task,” Ballmer said.
Microsoft, however, is ready to spend a lot of money trying. The company
told its shareholders recently that it was prepared to lose 5% to 10% of
total operating income for several years to improve its position in
search, Ballmer said.

The CEO offered little in the way of new insights during the evening,
except that Microsoft will discuss Project Red Dog, its secretive
cloud-computing initiative, at the Microsoft Professional Developer
Conference next month. Red Dog has been described as “EC2 for Windows,” a
comparison with Amazon’s Elastic Compute Cloud, said Ann Winblad, a
venture capitalist who posed the questions to Ballmer. She asked him to
elaborate but he said she would have to wait for the conference in six
weeks.

Asked about server virtualization, Ballmer said Microsoft aims to
“democratize” the technology by offering lower prices, integrated
management tools and better-quality software. “If you want to have
virtualization on 80% of servers instead of 5%, you’d better not charge
three times the price of the server for the software,” he said, in a jab
at market leader VMware, which has been criticized for high prices.

Asked about smartphones, Ballmer said Nokia, Research In Motion and Apple
will lose out as the market expands over the next five years because they
design their own proprietary hardware and tie it closely to their
software.

Nokia leads the smartphone market today with about a 30% share, Ballmer
said. “If you want to reach more than that, you have to separate the
hardware and software in the platform,” he said.

In other words, Ballmer thinks the same strategy that helped Microsoft
become the leader on the desktop — licensing its operating system for use
by other hardware makers — will let it win out on smartphones. Long term,
he said, the battle will be between the Symbian operating system (which
now is open source), mobile versions of Linux and Windows Mobile.

Apple won’t boost its share of the PC market or become a threat in the
enterprise because it won’t license its software to others, according to
Ballmer.

“Apple’s a good company, I won’t take anything away from them, but they
have a certain kind of strategy,” Ballmer said. “They believe in putting
the hardware and software together. They don’t believe in letting other
people make it.”

“I’m  not  saying  there  isn’t  a  threat”  from 
Apple,  Ballmer  said.  But  if  Microsoft  and  its 
PC  partners  “do  our  jobs  right,  there’s  really 
no  reason  Apple  should  get  any  footprint  in 
the  enterprise.” 

Microsoft does “very well on balance”
when it comes to software developers, Ballmer
said. The company, however, has two
areas of weakness, according to Ballmer: in
high-performance and technical computing
— which is important to Microsoft because
“there are 5 million engineers and they use a
lot of compute power” — and in Web server
applications, where it is losing out to Linux
and PHP.

“Forty percent of servers run Windows, 60%
run Linux,” Ballmer said. “How are we doing?
Forty is less than 60, so I don’t like it. ... We have
some work to do.”

Winblad asked about the health of the IT
business in light of the economic crisis in the
United States. “At least for now, people I talk to
in our business are relatively — I wouldn’t say
optimistic — but they feel better than if all you
did was watch CNBC all day,” Ballmer said,
referring to the television news channel.

A member of the audience asked Ballmer
how he manages his stress and stays healthy.
Ballmer, who looks thinner and fitter than he
did a few years ago, said his regime consists of
PowerBars “to keep the blood sugar steady,” “a
constant dose of caffeine,” and running.

“I did a five-mile run this morning. It does a
lot to ease the stress and set up a good day.” ■


Info Cards technology is
standardization bound

BY JOHN FONTANA

Information Cards, the identity specification
developed by Microsoft, is headed to a standards
body that will work to ensure interoperability
among implementations and adoption
as a standard authentication method across
the Internet.

The Organization for the Advancement of
Structured Information Standards (OASIS),
which is known for hammering out Web services
standards, has created the OASIS Identity
Metasystem Interoperability (IMI) Technical
Committee. The group plans to hold its first
meeting Sept. 29 in London.

This is the first effort to take the user-centric
identity model championed by Microsoft and
others, such as Novell, Oracle and IBM, and
have it standardized for use across platforms
and across the Internet.

Microsoft’s InfoCard technology and its user-interface
implementation called CardSpace
present users with an identity-selector interface,
basically a palette of secure identity
cards that can be used to authenticate to various
Web sites or such network resources as
applications or databases. It is all part of the
company’s Identity Metasystem that also includes
back-end servers and gateways for exchanging
cards and the data they contain.

OASIS will focus on making sure implementations
of the Information Cards technology,
first introduced by Microsoft in 2005, are interoperable.
It will not create an entirely new
specification.

The foundation of the IMI’s work will be built
around the Identity Selector Interoperability
Profile (ISIP) from Microsoft, the Web Services

See Info Cards, page 36
Wireless

continued  from  page  11 

devices, or the data on them. “IT needs to get
control of wireless [mobility] within their company,”
he says.

Taking control falls into four broad areas, says
Jack Gold, principal of J. Gold Associates, a
mobile consulting company: securing and
managing every device; managing every connection;
protecting every piece of data; and
educating every user.

Mobile devices, whether bought by the
company or by the individuals, are accessing
company networks and company data.
Device security and management are closely
intertwined, because you have to be able to
monitor the devices in order to enforce policies.

In most cases, practitioners recommend
standardizing on two or three mobile device
models, minimizing the support, security and
management challenges. “Other smartphones
[brought in by users] might not be capable of
supporting your specific security and
administration policies,” Salmon says.

Using mobile device passwords or PINs is
advised. “If your enterprise doesn’t enforce a
password policy on those devices, you might
as well stop with all your [other] security
measures,” Croft says.

Salmon favors PINs, coupled with a limit on
the number of access attempts. After that
number, the next attempt triggers an automatic
lock or wipe of the handheld.

Enforcing effective passwords is one of the
essentials at Florida Hospital, in Orlando,
where wireless notebooks are widely used by
staff and nurses, along with BlackBerries for
e-mail. The hospital also is exploring what’s
involved in granting access to clinical systems
from physicians’ smartphones.

The hospital enforces regularly changed
passwords (a function of its enterprisewide
identity management infrastructure), up-to-date
antivirus software and some ability to remotely
wipe data from mobile clients, says Todd Franz,
associate CTO. “We see the need to protect the
data on these mobile devices just as much as we
do on a desktop PC,” he says.

On selected notebooks, the hospital also uses
the CompuTrace service from Absolute Software,
a kind of “LoJack for laptops.” A stolen
computer can be traced and tracked down.
Franz won’t say how often hospital laptops
have been stolen, but the hospital has successfully
resolved 100% of the cases involving
CompuTrace-protected laptops. According to
some accounts, 10% to 15% of all mobile
devices go missing.

Consider using comprehensive device management
applications such as Sybase’s Afaria,
Credant’s Mobile Guardian, Nokia’s Intellisync,
Microsoft’s System Center Mobile Device
Manager, and others from Checkpoint and Trust
Digital. These policy-driven suites blend monitoring
and enforcement capabilities that focus
on mobile clients, and typically work with
back-end authentication and other servers.

It’s also important to have the ability to
wipe, lock or kill any mobile device that’s
stolen, lost or unaccounted for on a
moment’s notice, including its SD card if it
has one. A network manager should be able
to issue a command that locks a device until
the right password is used, wipes or deletes
some or all of the corporate data on it, or
shuts it down entirely, Croft says.

“These  connections  are  a  pretty  significant 
exposure  if  they’re  not  done  right,”  Gold  says. 
“Don’t  leave  it  up  to  the  end  users.” 

These practitioners favor enforcing VPN connections
with IPSec for mobile deployments.
“SSL, which uses TCP Port 443, is the path of
least resistance,” Enterprise Mobile’s Salmon
says. “I consider this the weaker of the two
options.” That’s chiefly because while the target
server has a certificate and is trusted, the SSL
client is not. IPSec requires that ports have to
be specifically opened, but both ends of the
connection have certificates, he says.

A  related  issue  is  allowing  mobile  devices  to 
connect  only  if  they  pass  muster.  Is  the  antivirus 
software  up-to-date?  Is  the  VPN  active?  Is  the 
Wi-Fi  connection  from  a  public  hotspot? 

Selective  data  encryption  should  be  an 
essential  item  in  any  mobile  deployment. 

With a managed mobile device, you can distribute
and enforce encryption policies for
specific data. “Document folders, your e-mail
in-box, user data, contacts, certificates, and so
on as the kinds of things that should be
encrypted,” Gold says. Also consider encrypted
or encryptable removable storage devices,
such as high-capacity SD cards, he says.

“Unless you’re in a ‘James Bond environment,’
most encryption levels will give you far
more security than sending an unencrypted
e-mail over the Internet, which happens all the
time,” Croft says.

Educating  every  user 

“Few companies educate end users on the
proper procedures and policies to safeguard
[mobile] corporate assets,” Gold says. “Get the
users on your side.”

“The greatest vulnerability is human,” Salmon
says. “If a stranger asked to borrow your
laptop for five minutes to check his stock
portfolio, you’d say ‘No!’ because you’ve been
educated about the risks. There’s no way
you’re going to let a stranger use your laptop.
The same thinking has to apply to your mobile
phone.”

To school its nurses in mobile technology,
Florida Hospital relies on trainers who also
have been, or are, nurses. “They speak the same
language as the users,” Franz says. “We try to
keep IT people out of the way of this training,
because they do not speak the same language.”

Franz  makes  a  key  point  about  nurses  and 
mobile  technology  that’s  relevant  to  all  such 
deployments.  “People  don’t  go  to  nursing 
school  to  become  a  clerk-typist,”  he  says. 
“They  go  because  they  want  to  help  people. 
Technology  can  assist  them  in  doing  that.” 

Acceptable-use policies should be short and
to the point, otherwise they won’t get read.
Training should cover all the elements (explaining
the device, applications and intended
usage), says Alphons Evers, global solutions
manager with the mobility practice of Getronics,
a global IT services company. ■


Watching for Windows 7

Microsoft  Windows  7  is  two  years  away  but  features,  directions  are  emerging 


BY  JOHN  FONTANA 

One stone-cold fact about Windows 7 is that
we need more stone-cold facts in order to
understand the new operating system that is
likely to arrive in early 2010.

The company has said some of those facts
will come in late October and early November
during two of its major conferences — the
Professional Developers Conference (Oct. 27-30)
and the Windows Hardware Engineering
Conference (Nov. 5-7).

What is known beyond the Windows 7 code
name is that Microsoft is building the operating
system on the Windows Vista code base in
order to avoid the sort of application-compatibility
problems that plagued Vista early in its
release. The new interface will feature the
Ribbon toolbar throughout, and the server
version will add the much-anticipated live
migration feature to the virtualization
capabilities.

Sifting through the rest of the information,
rumors and tidbits out there, here are seven
things to know about Windows 7 now.

1. Betas. A beta version called Milestone 3 is
in the hands of testers, according to Mary Jo
Foley’s “All about Microsoft” blog. The early
release is out to a select group and Foley is
saying Beta 1, the first public beta, will be
released by year-end. Other handicappers say it
looks like the Windows Hardware Engineering
Conference (WinHEC) could be the place it is
released. Others are pointing to the Professional
Developers Conference (PDC) as the venue
where the Windows 7 Beta 1 will be introduced.

2. Final release. As far as the final release
time frame, Microsoft Senior Vice President Bill
Veghte sent a letter in June to enterprise and
business customers saying “our plan is to
deliver Windows 7 approximately three years
after the January 2007 general availability
launch date of Windows Vista.” Such clarity
from Microsoft is often lacking in these
announcements, but pundits are interpreting
Veghte’s message to mean late 2009. In
February, Bill Gates, then chief software
architect, hinted at the same time frame. Some
reports have said the ship date will be as early
as June 2009.

3. Development. Many are asking why Microsoft
has a chance of completing the operating
system on such an ambitious schedule given
the five years it took to get out Vista. One major
reason is Steven Sinofsky, who took over Windows
development in 2006 as Vista limped to its
finish line. Sinofsky is best known for his
workmanlike schedule for pumping out versions of
Microsoft Office on a regular 18-month cycle.
Microsoft's Steven Sinofsky
is under pressure to pump
out Windows 7 on schedule.

4. Features. There are a few solids here, but
speculation is clearly up and churning. In May,
Gates and CEO Steve Ballmer gave the first
Windows 7 demonstration, showing off multi-touch
screen technology. Gates also said before
his retirement in July that synchronization
between Microsoft’s Live Services and Windows 7
would figure prominently as would digital
ink and speech features. There are hints of
a more modular operating system, much like
Windows Server 2008 Server Core, and performance
boosts. Recent screen shots from the
Milestone 3 beta show the Ribbon toolbar in
Wordpad and Paint. There is also evidence of
new quick-install features. The glaring omission
for IT is a dive into features that might make
their lives easier.

5. Server version. While the client operating
system is being touted as a major release (with
minor revisions to the base Vista code), the
server version is a minor release. Microsoft has
announced that Windows 7 will
actually be what was originally
planned as Windows Server 2008
R2. A few weeks ago, Microsoft
confirmed that R2 would bring
live migration to its virtualization
platform and that the server was
on-target to ship in early 2010.

6. Users. Ship dates will be important. For
Vista users with Software Assurance maintenance
contracts, Windows 7 is already paid
for as long as it ships within the
length of the contract. Users who
are still buying XP via downgrade
rights through Vista Business and
Ultimate will have mainstream XP
support until April 14, 2009. Mainstream
support includes such options as no-charge
incident support, paid incident support,
support charged on an hourly basis,
support for warranty claims and
hot-fix support. If Windows 7 ships in mid-2009,
April could offer a tidy migration point to begin
getting the upgrade cycle cranked up.

7. Stay tuned. Microsoft has launched a Web
site called “Engineering Windows 7” that is hosted
by Sinofsky and his senior engineering management
colleague Jon DeVaan. The blog has
provided little in-depth information about
Windows 7’s features, but Sinofsky did say a major
team goal is to “promise and deliver.” Promises
are what helped make Vista feel like a consolation
prize. But so far the blog has only turned up
tidbits like this: “Our goal is about building an
awesome release of Windows 7.” ■
Skype teams up
with Digium

BY  TIM  GREENE 

Skype is becoming a more credible IP
phone option for businesses through a new
alliance with Digium, whose open source IP
PBXs will add better control over Skype’s
peer-to-peer voice technology.

The alliance could mean cheaper calling for
businesses and their customers by adding
Skype’s inexpensive Internet-based calling
into the business-telephony mix.

The two companies announced the availability
of a beta program for their Skype For
Asterisk software at last week’s session of
AstriCon.

With Skype For Asterisk, businesses can give
their Asterisk PBXs presence on the Skype network
and let their customers who use Skype
call these businesses over the Internet from
anywhere at no cost beyond their ISP fees.

Incoming calls would be received by the
Asterisk PBX and queued along with other
incoming calls from traditional carrier networks,
says Danny Windham, Digium’s CEO.

Outbound calls to other Skype users would
also be free, and businesses using Skype For
Asterisk could buy buckets of inexpensive call
minutes from the SkypeOut service to call
non-Skype phones. Using Asterisk’s least-cost-routing
feature, using SkypeOut minutes could
become an alternative to other service provider
call-transport services, he says. “They
could use Skype as a carrier choice.”

Businesses  using  Asterisk  now  can  apply  to 
be  part  of  the  Skype  For  Asterisk  beta  program. 
The  two  companies  are  looking  for  a  range  of 
customer  uses  of  the  IP  PBX  so  they  can 
choose  beta  testers  that  will  stress  the  Skype 
For  Asterisk  in  a  range  of  different  ways. 

After the limited beta, the software will be
opened to public beta testing and finally
turned into a commercial product. Skype For
Asterisk works only with Asterisk Version 1.4
and 1.6 and not with earlier versions.

Skype already has Skype For Business services
but cannot supply certain features such
as handling high volumes of incoming calls.
That would require individual Skype names
for each employee who might receive calls.
With Skype For Asterisk, a few Skype names
can be associated with the IP PBX, which can
answer and distribute the calls, says Stefan
Oberg, vice president and general manager for
Skype Telecom and Skype for Business. This is
similar to using a trunk line and a traditional
PBX vs. having individual phone lines to each
employee’s desk.

Oberg says the alliance gives Skype a business
advantage it doesn’t have now, namely a
hook into value-added resellers who sell gear
to end user businesses. Digium has such a VAR
network that will support Skype For Asterisk.
Skype currently sells directly to end users. ■


Microsoft 

continued  from  page  1 

most competent move to offer parallel computing
horsepower to corporations doing
more real-time simulations, designs and
number crunching.

But  the  road  is  decidedly  uphill. 

Microsoft  currently  lays  claim  to  less  than  5% 
of  HPC  server  market  revenue,  according  to 
IDC.  Those  numbers  compare  with  74%  for 
Linux  and  just  more  than  21%  for  Unix  variants. 

In addition, competitors such as Red Hat
have been offering its Enterprise Linux for HPC
Compute Nodes since last year. And Sun late
last year reentered the HPC fray with its
Constellation System.

Those sorts of challenges, however, have not
deterred Microsoft in the past.

The company is betting users such as engineers
will combine workflows running on
their Windows workstations with Windows-based
back-end HPC clusters, or move those
workloads off the desktop and into an HPC
infrastructure.

Microsoft  also  envisions  such  desktop/back- 
end  combinations  as  Excel  users  performing  a 
function  call  from  their  desktop,  which  in  the 
background  executes  an  agent  that  runs  some 
computational  algorithms  on  a  networked  HPC 
cluster  and  returns  an  answer.  The  user  would 
have  no  concept  of  the  back-end  tied  to  Excel, 
which  is  widely  used  in  financial  services. 

Since the 2006 release of Windows Compute
Cluster Server 2003, Microsoft has been working
with partners such as HP and Intel to create
mass market appeal for HPC and the message
may finally be striking a chord as prices
drop and performance rises on technical
computing platforms.

But Microsoft, experts say, isn’t likely to replace
high-end HPC environments built on
Linux and Unix. The real opportunity is appealing
to new buyers with a Windows desktop
infrastructure looking anew at HPC for workgroups
or departments.

IDC says HPC hardware revenue in 2007 alone
generated by workgroup and departmental
platforms was nearly $5.5 billion, just more
than half of the $10 billion total. The prices on
platforms in those segments range from
$100,000 and below (workgroup) to $100,000
to $250,000 (departmental).

Microsoft’s recent hardware-software partnership
with Cray on the CX1 “personal” supercomputer
aimed at financial services, aerospace,
automotive, academia, and life sciences
and priced at $25,000 is testament to Microsoft’s
plan — as is the $475 per node price of
HPC Server 2008.

That’s not to say Microsoft won’t make a run
for the top. Earlier this year, a Windows Server
2008 HPC cluster built by the National Center
for Supercomputing Applications garnered a
No. 23 ranking on the list of the world’s top 500
largest supercomputers, achieving 68.5 teraflops
and 77.7% efficiency on 9,472 cores.

But experts say Microsoft’s sweet spot will be
much lower down the list.

Microsoft’s recent hardware-software
partnership with Cray on the CX1
“personal” supercomputer is only
part of its plan to bring parallel
processing power to the masses.

“The Microsoft strategy is aiming hardest at
verticals where Windows is strong on the desktop
and then extending that Windows environment
upward,” says Steve Conway, research vice
president for technical computing at IDC. “It
includes applications such as Excel and tools
like Visual Studio so people can unify their
desktop and server workflow.”

Microsoft also plans to integrate HPC Server
with its System Center tools for application-level
monitoring and rapid provisioning by releasing
an HPC Management Pack for System
Center Operations Manager by year-end,
according to Ryan Waite, product unit manager
for HPC Server 2008.

The company is aligning HPC Server 2008
with Visual Studio Team Services, and F#, a
development language, designed to help write
new applications and rewrite old ones for
parallel computing environments.

“We are looking at the holistic system,” says
Vince Mendillo, director of HPC in the server
and tools division at Microsoft.

Familiarity is the big theme. Windows HPC
Server 2008 is built on the 64-bit edition of
Windows Server 2008. The platform combines
into a single package the operating system
with a message passing interface and a job
scheduler built by Microsoft.

The server software, built to scale to thousands
of cores, also includes a high-speed
NetworkDirect RDMA, Microsoft’s new remote
direct memory access interface, and cluster
interoperability through standards such as the
High Performance Computing Basic Profile
specification produced by the Open Grid
Forum. The server features high-speed networking,
cluster management tools, advanced
failover capabilities and support for third-party
clustered file systems.

“HPC is no longer a niche either in terms of
hardware platform or in terms of pervasiveness,”
Illuminata’s Haff says. “For the most part, it
is using volume hardware and is being applied
to all kinds of problems in all kinds of companies
and organizations.” ■
Android battles the iPhone


BY  BRAD  REED 

While  T-Mobile’s  Android-powered  G1  phone 
is  intended  to  take  on  Apple’s  iPhone,  it  has  a 
long  way  to  go  before  it  can  be  considered  an 
enterprise  device. 

When Apple decided it wanted the iPhone to
be taken seriously as a possible enterprise
device, it added features to give it appeal to
corporate users and IT departments. Among the
most crucial was access to Microsoft’s Exchange
ActiveSync, the licensed data synchronization
protocol whose built-in support will
give IT departments the ability to set password
policies, determine VPN settings and perform
remote data wipes on iPhones that have been
lost or stolen. Apple also says the iPhone will
have access to Cisco IPsec VPN technology.

The G1, on the other hand, doesn’t have any
of these features and is unlikely to have them
in the near future unless a third-party developer
creates them. When asked about adding support
for Microsoft Exchange to the G1 last
week, Google mobile platform director Andy
Rubin said he didn’t anticipate doing so, but
such features were “the perfect opportunity for
third-party developers.”

Cole Brodman, the chief technology and
innovation officer for T-Mobile USA, took things
a step further and said the company “expects
the G1 to be more of a consumer device and
not an enterprise device.”

Even though the G1 is unlikely to become a
staple device supported on corporate IT networks
soon, it does have some attractive features
that compare well with the iPhone. Here
is how the iPhone and the G1 stack up:

Call quality: Although no one has yet seen
how well T-Mobile’s cellular network will perform
under the demands of the G1 phone, we
can examine both T-Mobile’s and AT&T’s past
reputations for call quality. Although AT&T has
typically ranked ahead of T-Mobile in JD
Power’s annual wireless service surveys, the latest
survey shows the two carriers are now even
in terms of call quality and in service reliability.
Smartphone users who look for call quality first
and foremost, however, might consider passing
over both the iPhone and the G1 for a smartphone
from Verizon, which has for years come
out on top of JD Power’s call quality surveys.

3G network coverage: While AT&T and
T-Mobile have GSM-based 3G data networks,
AT&T has an edge in range of coverage. In May
AT&T announced that it had finished deploying
its 3G HSPA network that would deliver downlink
speeds of 1.7Mbps to 350 U.S. markets by
year-end. T-Mobile, in contrast, is only rolling out
its 3G UMTS coverage this spring, and the carrier
estimates it will have 3G service available in
20 to 30 markets by year-end. Both devices also
support Wi-Fi connections.

Operating systems: The good news for Microsoft
haters is that neither of these phones runs
on Windows Mobile. After that, however, it
comes down to a personal preference. The
iPhone’s Mac OS X has set the bar for mobile
operating platforms in terms of familiarity and
ease of use, but Google is hoping that Android
will appeal to users who don’t want to have a
“walled garden” approach to their mobile
Internet. Software and application developers
could find a lot to like with Android, which has
an open source code and which will support
all third-party applications.

Cost: Apple and AT&T turned a lot of heads
after they slashed the price of the iPhone 3G to
$199. T-Mobile and Google are doing them one
better by selling the G1 for $179. The cost of the
device is only part of the equation, however —
service costs must be taken into account as
well. AT&T charges iPhone users $30 a month
for data plans and $40 a month for voice services.
T-Mobile charges $25 for a limited data
plan and $35 for a data plan that includes
unlimited Internet usage but that slows down
your connection speed if you consume more
than 1GB of data per month. ■
Ellison pitches hardware

Oracle  software  marries  HP  servers  to  offer  high-end  DB  package 


BY  JAMES  NICCOLAI  AND  CHRIS 
KANARACUS,  IDG  NEWS  SERVICE 

SAN FRANCISCO — Oracle saved the
biggest news for last at its OpenWorld conference
in San Francisco. CEO Larry Ellison took
the stage last week to announce two hardware
products developed with HP that are designed
to provide very high performance for data
warehousing applications.

Calling them “Oracle’s first hardware products,”
Ellison introduced the HP Oracle Database
Machine and the HP Oracle Exadata
Storage Server, which are preconfigured server
racks including Oracle software and HP ProLiant
servers.

The  Exadata  Storage  Server  includes  a 
dozen  disk  drives  and  two  quad-core  Intel 
processors  that  are  used  to  conduct  database 
query  operations  on  the  storage  equipment, 
reducing  the  amount  of  data  that  has  to  be 
shuttled  back  to  the  database  server. This  gives 
a  10-fold  performance  boost  compared  with 
Oracle’s  current  data  warehouse  products, 
according  to  Ellison. 

“The  storage  system  itself  runs  the  Oracle 
database’s  fast  parallel  query  software,  so  we 
took  the  capability  you  normally  find  in  the 
database  servers  and  moved  it  into  the  storage 
server  next  to  each  and  every  disk  drive,” 
Ellison  said. 

The storage servers can be ordered separately for use with an existing Oracle data warehouse, or as part of the HP Oracle Database Machine, which includes eight Oracle database servers and 14 Exadata Storage Servers in one rack. The database servers include 64 Intel processor cores, Oracle’s business intelligence software and its Real Application Clusters technology.

Each storage server is connected to the database server with two InfiniBand pipes. Each can carry data at 20Gbps, but the speed of the system is limited to the speed of the disk drives, which limit the throughput speed to 1Gbps, Ellison said. The Storage Servers include up to 168TB of storage, he said.

Ever  the  showman,  Ellison  chuckled  with 
delight  as  he  stood  next  to  one  of  the  hulking 
Database  Machines  on  stage.  Joking  about  the 
storage  capacity,  he  quipped,  “This  is  1,400 
times  larger  than  Apple’s  largest  iPod.” 

The Linux version of the Database Machine is available, he said, with support for other operating systems to follow. He said the Exadata Storage Server will work with “any Oracle database server,” suggesting customers won’t have to be using the current 11g version for their data warehouse.

The Database Machine is priced at $4,000 per terabyte of storage, plus the database license costs, Oracle said. The systems can be ordered from Oracle, and Oracle will be responsible for sales and support, while HP will handle the delivery and servicing of the hardware.

As  Oracle  enters  the  hardware  game,  data  in 
the  enterprise  “is  proliferating  at  astonishingly 
high  rates,”  Ellison  said. 

“That creates a fundamental problem. The disk storage systems that are available today . . . can store 10, 100T bytes of data, but they can’t move that data off the disks and into the database servers very fast,” he said.

There are two ways to solve the data bandwidth problem, he said: reduce the amount of data going through the pipes or make the pipes wider. Oracle did both, he said. He claimed the resulting product is much faster than competing data warehousing systems like those sold by Teradata and Netezza.

“Teradata  has  no  intelligence  in  their  storage 
server  whatsoever.  None,”  Ellison  said,  while 
allowing  that  Teradata’s  database  is  “pretty 
sophisticated.” 

“Netezza  does  very  fast  table  scans,”  he  said, 
“but  their  overall  database  capability  is  really 
primitive.” 

Netezza’s  president,  Jim  Baum,  shot  back 
quickly  in  a  statement.  He  dismissed  the 
Oracle-HP  products,  saying  data  warehouses 
need  to  be  designed  “from  the  ground  up”  by 
engineers  in  the  same  company,  not  patched 
together  “with  glue  and  spit.” 

A  Teradata  spokesman  was  more  diplomatic. 

“On a high level, it’s very difficult for us to comment on the performance claims of Oracle. ... We respect all of our competitors and look forward to competing against Oracle with this new offering,” said Randy Lea, Teradata vice president of product and services marketing.

In a blog posting, Forrester Research analyst James Kobielus called the products “a bold move into petabyte scale-out territory, an emerging, very-high-end niche in which one veteran vendor, Teradata, has been pre-eminent.”

Kobielus also saw a challenge to Netezza.

“Like that vendor’s appliance, the Oracle Database Machine offloads SQL query processing and large-table scans to an intelligent storage layer,” he wrote. “Whereas Netezza uses a technique that involves field-programmable gate arrays, Oracle has leveraged its 11g technology to parallelize query/scan execution to a massively parallel pool of Exadata storage cells.”

Oracle’s storage layer is transparent to applications, meaning they don’t need to be rewritten to see performance gains, he wrote. That said, Oracle is “just one of several [data warehouse] vendors that have petabyte-scale solutions. It’s best not to get all whipped up in a lather by an artfully constructed event-based marketing tease.”

In  other  news  from  the  OpenWorld  show: 

• Oracle said it is aiming to get the first version of Fusion Applications into the hands of early adopters in 2009. Fusion apps are supposed to combine “best-of-business” capabilities from Oracle’s various product lines, which include E-Business Suite, J.D. Edwards, PeopleSoft and Siebel. To date, Oracle has only shown off a handful of Fusion applications, which were oriented around CRM, and the project overall has been dogged by concerns that it is behind schedule.

• The company introduced an application grid that employs technology acquired through its purchase of BEA Systems that can help IT shops respond to spikes in demand for a given application. Application grids eschew the traditional approach that dedicates a piece of hardware to serving a particular application. Instead, the grid format creates a pool of resources that can be provisioned dynamically at runtime.

• Oracle said it is now offering its 11g database, Fusion Middleware and Enterprise Manager products through Amazon Web Services’ Elastic Compute Cloud (EC2). The vendor will also let customers use existing software licenses on EC2 at no additional cost.

• Oracle rolled out its Beehive enterprise collaboration platform that joins the existing Oracle Collaboration Suite. Licenses are priced at $120 per user.

• The company announced Oracle VM 2.1.2 server virtualization software, which includes certification for the vendor’s Real Application Clusters technology. ■


NEWS  ANALYSIS 


Cisco  takes  aim  at  collaboration 

Company  adds  Microsoft,  IBM  integration  and  offers  SaaS-based  mashup  tool 


Key  components  of  Cisco’s  collaboration  lineup: 


• Unified Communications 7.0 — server-based software designed to enable an organization to create adaptive workspaces. Provides business-to-business federation support for Microsoft Office Communications Server and Cisco Unified Communications plug-ins for IBM Lotus Sametime.

• WebEx Connect — a software-as-a-service application platform, based on Cisco’s $3.2 billion acquisition of WebEx, for collaborative business mashups that integrate presence, instant messaging, Web meetings and team spaces with traditional and Web 2.0 business applications.

• TelePresence — Cisco’s life-size, high-definition virtual meeting and conferencing systems for company conference rooms and offices.


BY  JIM  DUFFY 

Cisco  sees  gold  in  all  of  us  working  together. 

Last week’s collaboration splash is intended to mine what Cisco says is a $34 billion market for unified communications, cloud conferencing and telepresence. Its refreshed portfolio is designed to help companies accelerate business processes and increase productivity — and to drive home Cisco’s point that the network is the nerve center for companywide collaboration.

“It’s  one  of  the  first  proof  points  Cisco’s  had 
around  the  concept  of  network-as-a-platform,” 
says  Yankee  Group  analyst  Zeus  Kerravala  on 
last  week’s  collaboration  rollout. 

Additions to the Cisco collaboration portfolio include a new release of the company’s UC software, a WebEx-enabled product for Web meetings with integrated presence and instant messaging, and TelePresence customer service.

Cisco contends that the network as collaboration platform fosters integration between business applications, communications devices and Web-based tools while letting IT departments maintain their mandates regarding security, policy and compliance. Microsoft comes at it from a software perspective, while IBM touts systems, server and software as the optimal collaboration platform.

Deeper integration with desktops in those IBM and Microsoft environments is one of the features of Cisco’s Unified Communications Release 7.0 software. Another is mobility with additions that help extend collaboration features across workspaces.

Still another is Cisco Mobile Communicator support for devices running on Windows Mobile as well as Symbian and BlackBerry operating systems. Unified Communications 7.0 also scales Cisco Unified Presence to 30,000 users and Cisco Unity to 15,000 users on a single server, Cisco says.

The new WebEx Connect is a software-as-a-service (SaaS) application platform for collaborative business mashups that integrates presence, IM, Web meetings and team spaces with traditional and Web 2.0 business applications.

“It’s the first time one of the major UC vendors decided to go to market with an online, SaaS-based offering,” Kerravala says. “The idea behind WebEx Connect is to allow developers to be able to access a lot of the UC elements from the cloud. It’s the cloud version of UC.”

Cisco’s WebEx Connect includes a number of standard applications including enterprise IM, team spaces, document management, calendaring and discussions that can be combined with third-party widgets to enable companies to work from a single workspace. It lets administrators control enterprise policy, security and compliance for secure intercompany collaboration, Cisco says.

Cisco WebEx Connect also works with enterprise messaging systems to provide integrated communication capabilities within a collaborative mashup. One user is impressed with its ease of use.

“They’ve kept it simple,” says John Kingsley at AECOM, a provider of professional services to a range of vertical markets. “There’s a lot of complexity underneath but when you can get something in front of them that doesn’t intimidate [users], it’s refreshing.”

AECOM has operations globally and the company plans aggressive growth both organically and through acquisition. As a SaaS platform, WebEx Connect has enabled the company to pull people together faster.

“Getting people to be able to plug in together quickly and easily and not have to worry about ordering equipment and making sure they’re on the same network, and firewalls, is giving me the opportunity to expedite the ability for people globally to collaborate,” Kingsley says. “It lets us link out to some of the internal SharePoint stuff that we’ve built for our internal users, but [also] go out and work with our clients as well without having to give them access behind our firewall.”

Messaging, however, is an area where the company can improve, according to another user.

“They need to have a way of having the [Unified Personal Communicator] client be able to talk to all IMs — not just one — all those different clients,” says Mike DeDecker, voice network engineer at Activision. “So a user doesn’t have to have four or five different clients working at his desktop just to communicate with the rest of the world.”

DeDecker says Activision, though, can benefit from UC 7.0’s standard local route groups feature, which he says reduces the number and automates the establishment of dialing rules between two sites.

Kerravala expects WebEx Connect to compete with hosted versions of Microsoft’s Live Meeting and Avaya’s OnDemand VoIP offering.

The TelePresence component is called Cisco TelePresence Expert on Demand. It integrates Cisco TelePresence into the contact center for in-branch customer service and the ability to summon expertise directly from a Cisco TelePresence meeting.

It enables customers to connect with subject-matter experts for in-person customer and point-of-sale service. Users can summon expert assistance directly in a Cisco TelePresence meeting or use a dedicated Cisco TelePresence endpoint and get face-to-face assistance.

For example, a retail bank could provide “in-person” services to bank customers in every location via Cisco TelePresence, giving organizations the ability to scale resources or expertise, irrespective of geographic location.

Cisco Unified Communications System Release 7.0 and Cisco TelePresence Expert on Demand are available. WebEx Connect is available as a desktop and Web-based client; support for mobile clients is scheduled to be available in early 2009. ■
Symantec Endpoint Protection 11.0 vs. McAfee Total Protection for Endpoint
Performance Impact on Microsoft Office Usage

Test Summary


Premise: In today’s threat-laden environment, complete client protection is paramount to maintaining productivity. It is also important to provide that endpoint protection while using a minimum of system resources and minimizing any impact on users. Long wait times caused by security program processing can reduce the productivity of system users and generally degrade their Quality of Experience. Symantec has made optimizing client performance a focus of its development efforts.

Symantec Corporation commissioned The Tolly Group to evaluate the impact of two Enterprise-class endpoint security offerings on host client performance: Symantec Endpoint Protection 11.0 compared with McAfee Total Protection for Endpoint. The Tolly Group installed Symantec Endpoint Protection 11.0, which provides anti-virus, anti-spyware and host intrusion prevention functionality in a single agent, against the corresponding products in the McAfee Total Protection for Endpoint Bundle (See Figure 4).

The Tolly Group benchmarked file “open” and “save/close” times, as well as memory usage on an unprotected Microsoft Windows Vista SP1 system and compared these with execution times on the protected systems. Tests were conducted in July 2008.


Test Highlights

• Symantec Endpoint Protection has a more positive impact on user productivity than the McAfee offering

• Symantec Endpoint Protection provides faster save/close time for key Microsoft Office documents, Word and PowerPoint than the McAfee offering

• Symantec Endpoint Protection consumes less overall memory than the McAfee offering when executing “save/close” functions for Microsoft Office documents


[Figure 1: Microsoft Office 2007/Vista File “Open” Times (Increase Over Unprotected System), Word and PowerPoint. Source: The Tolly Group, July 2008]
Executive Summary

Symantec’s Endpoint Protection 11.0 provides faster processing for common functions such as opening and saving Word and PowerPoint files. This capability can improve the productivity and Quality of Experience for users.

Endpoint Security solutions are designed to inspect and scan every file that is opened or written to the hard drive. The anti-virus engine scans the file and compares it to its repository of known viruses to ensure that no malicious content is embedded and that no harmful scripts are present in the file. This operation has a non-trivial impact on the performance of applications such as Microsoft Word and PowerPoint.

Symantec Endpoint Protection 11.0 consistently demonstrated faster “open” and “save/close” times for Word and PowerPoint documents than McAfee Total Protection for Endpoint while using less overall memory.

Tolly Group engineers used a Microsoft Vista operating system with no protection client installed in order to gather benchmark data for certain file operations. Engineers then tested these same operations on the baseline system with only the Symantec solution installed and then with only the McAfee solutions installed.

[Figure 2: Microsoft Office 2007/Vista File “Save/Close” Times (Increase Over Unprotected System), Word and PowerPoint, Symantec vs. McAfee. Source: The Tolly Group, July 2008]

Summary of Test Results
Each cell: Elapsed time (seconds) / Maximum memory (MB)

Function                   Baseline       Symantec       McAfee         % less impact than McAfee
MS Word 5MB Open           2.5 / 36.0     2.7 / 26.7     4.3 / 40       88.9% / 333.3%
MS Word 5MB Close          10.5 / 24.3    11.7 / 17.0    12.2 / 31.7    29% / 198%
MS PowerPoint 20MB Open    3.8 / 34.3     4.5 / 41.3     5.1 / 50.3     46% / 56.3%
MS PowerPoint 20MB Close   9.4 / 39.0     10.7 / 42      11.3 / 51.7    31% / 76.4%

Source: The Tolly Group, July 2008. Figure 3

Results

Microsoft Office File “Open”

Tolly Group tests show that Microsoft Word was able to open a 5MB document in 2.7 seconds on a system with Symantec Endpoint Protection 11.0 installed, requiring only 0.20 seconds longer than the baseline system. On a system with McAfee Total Protection for Endpoint installed, the same operation took 4.2 seconds. Microsoft Word opened the file on the baseline OS in 2.5 seconds. (See Figures 1 and 3).

Microsoft PowerPoint

Testing also included measuring the time to open a 20MB Microsoft PowerPoint document. On the baseline system it took 3.8 seconds to open the 20MB presentation. Symantec added only 0.7 seconds to the operation. The system with McAfee installed took 5.1 seconds to open the PowerPoint document, demonstrating that McAfee's impact was 48% higher than Symantec’s. (See Figures 1 and 3).

Microsoft Office “Save/Close Time”

Tolly Group engineers measured the amount of time required to save and close a modified (i.e., using “Save as” to save an unmodified file under a new name) 5MB Word file. The system with the Symantec client took only 1.2 seconds longer than the baseline system. The system with McAfee installed required 0.5 seconds longer than Symantec and 1.7 seconds longer than the baseline OS.

This same test was conducted for a 20MB Microsoft PowerPoint document. PowerPoint saved the presentation in 10.7 seconds on a system protected by Symantec, compared to 11.3 seconds on a system protected by McAfee. The McAfee products added 1.9 seconds to this operation.

Test Setup & Methodology

Tolly Group engineers tested Symantec Endpoint Protection 11.0 MR3 and McAfee Total Protection for Endpoint. Note: McAfee assigns product numbers to individual products within the suite (See Figure 4).

As each solution is geared to the Enterprise user, each installation consisted of multiple security modules. The default set was installed, but only those that dealt with file access were exercised in this test.

All tests were conducted on the same client. Network connectivity was only required to “deliver” the endpoint software to the client under test.

The client machine ran Microsoft Vista Business (32-bit) SP1 on a machine outfitted with an Intel Pentium D, 2.8-GHz processor, 1GB of RAM. The system was outfitted with a single Western Digital model WD800 drive which is an 80GB SATA hard drive. The client was a “clean” system without any viruses or malware placed on it.
Protection 11.0

Performance Impact of Enterprise Endpoint Security on Windows Vista
Product Specifications

Vendor-supplied information not necessarily verified by The Tolly Group

Symantec Endpoint Protection 11.0

Benefits:

• Symantec Endpoint Protection combines Symantec AntiVirus with advanced threat prevention to deliver unmatched defense against malware for laptops, desktops and servers. It seamlessly integrates essential security technologies in a single agent and management console, increasing protection and helping lower total cost of ownership

• Improved end-user Quality-of-Experience through efficient use of system resources

Features:

• Seamlessly integrates essential technologies such as antivirus, antispyware, firewall, intrusion prevention, device and application control

• Requires only a single agent that is managed by a single management console

• Provides unmatched endpoint protection from the market leader in endpoint
NEWS ANALYSIS


Biometrics  help  locate  terrorists 


BY  ELLEN  MESSMER 

TAMPA, FLA. — A biometrics “jumpkit” is helping American soldiers in Iraq to identify dangerous persons by immediately comparing detainees’ fingerprints against an Army database in the United States, using a satellite link for speedy analysis.

“When we roll with a target we need quick, rapid identification of who we have,” said Konrad Trautman, director of intelligence at the U.S. Special Operations Command, describing how the biometrics kits can help zero in on gangs making improvised explosive devices (IED) in Iraq.

These terrorist groups leave their fingerprints everywhere, including on scraps of already exploded devices, said Trautman, who described the process at the Biometric Consortium Conference held last week in Tampa.

The U.S. military in Iraq over the last two years has amassed a large database of fingerprints and photos that can be instantly accessed using the biometrics jumpkit. Soldiers submit a Web-based inquiry with a detainee’s fingerprint scan to the Army’s Biometrics Fusion Center via a small Inmarsat satellite antenna link that’s part of the kit, and in about 15 minutes can find out if the fingerprint matches a prior entry.

In situations that involve high-value targets, interrogations, or door-to-door searches, “for us to come in with knowledge that there has been bomb-making sets the tone for the discussion,” Trautman said.

Soldiers have made about 28,000 biometric submissions over the past two years, resulting in 1,722 positive matches for individuals linked to IEDs, which has greatly helped reduce the bomb-making violence in Iraq, Trautman said.

“If I find a fingerprint off a mortar fin that landed, I can probably figure out who did it,” said Lt. Col. Thomas Pratt from the U.S. Central Command. Entire groups of bomb-makers are being identified through biometrics, Pratt said.

In addition to collecting fingerprints, the military is storing iris and DNA captures from the most dangerous individuals and using that information to link people to terrorist events.

But it hasn’t always worked that way, said U.S. military officials at the conference.

“Eight years ago we were writing a number across the forehead of a detainee with a pen,” said Myra Gray, director of the Defense Department’s Biometrics Task Force, which centrally organizes the military’s efforts to use biometrics technologies. “Terrorists have no borders. For us to be effective, we have to break down barriers and have effective data sharing between agencies.”

She said the use of biometrics has directly led to 379 of the most dangerous terrorists being “taken off the street.”

The Defense Department’s arduous collection of biometrics from Iraqi detainees is being carried out under an agreement with the Iraqi government, but military officials acknowledge the collection methods “are more permissive than what you’d find in this country,” Pratt said.

[Photo caption: A look inside a biometrics “jumpkit” used by American soldiers to identify dangerous persons.]

Biometrics  era 

The soldier’s biometrics jumpkits are just one example of how the U.S. government has embraced the science of collecting fingerprint, face, iris and other biometrics to identify individuals since the Sept. 11, 2001, terrorist attacks.

“We’ve always had the issue of identity fraud. It took 9/11 as a catalyst for Congress to say we need something better,” said Robert Mocny, director of the Department of Homeland Security’s US-VISIT program, which requires foreign visitors coming to the United States to submit to an electronic fingerprint scan to be checked against a watch database.

Although the US-VISIT biometrics program initially faced controversy, it now successfully checks 23 million prints per year, Mocny said. Other countries, including Canada, Japan, Peru and Argentina, have either launched or will soon launch similar visitor biometrics systems.

The next step Congress wants is “some kind of biometrics exit,” said Mocny, to ensure those who entered the United States as visitors actually left the country.

DHS would like airlines to assist in the biometrics collection process at departure gates, for example, but Mocny acknowledged, “The airlines aren’t happy about it.”

Another large-scale government biometrics project just getting ramped up is the Transportation Workers Identification Credential (TWIC) program. This joint project initiated by the Coast Guard and the Transportation Security Administration (TSA) requires workers at port facilities, vessels, drilling rigs and docks to carry a card-based credential with their digital fingerprints stored on it to prove their identity in on-the-spot fingerprint checks using mobile card readers.

The credential costs more than $100.

“We have an enrollment now of 500,000,” said Maurine Fanguy, TWIC program director at TSA. “We’ve been able to take this out to the worker.” TSA estimates about 1.2 million workers will get a TWIC card, with a mandate this should be completed by next April.

TWIC field tests will soon commence in five locations, including with Watermark Cruises in Annapolis, Md., and Magnolia Marine in Vicksburg, Miss.

Some equipment has had to be modified to the environment: Dock workers tend to have much bigger hands than average, for example. “We’re encountering people with hands so big, they can palm the standard reader,” Fanguy said. “Fingerprints like you’ve never seen in your life.”

The TSA also wants airport operators and airlines to migrate from the
physical access-control methods they now use to government-approved
biometrics-based access methods. Carter Morris, senior vice president
at the American Association of Airport Executives, said 40 airports
have formed the “Biometric Airport Security Identification Consortium”
to speak with a common voice to the government on the topic.

Morris said the airport industry and airport operators want a very
clear idea of what to invest in, hopefully based on a “standards-based
framework,” so that the biometric verification of aviation workers is
interoperable.

Deploying biometrics is not easy and the General Services
Administration (GSA) is finding that out in its effort to outfit
government employees and contractors with the Personal Identity
Verification (PIV) card required under the Homeland Security
Presidential Directive 12 (HSPD-12) signed by President Bush in
August 2004.

HSPD-12 called into creation the PIV smart card with digital
credentials and a two-fingerprint biometric, provided upon completion
of a background and criminal check.

Civilian federal agencies — and increasingly the Defense Department,
which has long had its own Common Access Card — are looking at PIV to
be the credential for physical and logical access. But David Temoshok,
director of identity policy and management at GSA, acknowledged
“interoperability is very hard across 19 systems. I won’t say it’s
impossible, but it will be very hard to do.”

At GSA, which has issued about 100,000 PIV cards, the card still isn’t
being used for physical or logical access at this point, Temoshok said.

This is not a Mac vs. PC column


It’s  been  more  than  a  year  and  a  half  since 
Microsoft  introduced  Vista  to  the  general 
public.  It’s  also  long  after  Microsoft  started 
making  it  hard  to  buy  a  computer  with  any 
Microsoft  operating  system  other  than  Vista,  at 
least  for  non-business  purchasers. 

Microsoft has sold a lot of copies of Vista; in May it reported it had
sold 140 million. This statistic, along with the data points that 2007
was a record year for Microsoft and that 2007 Windows revenue was about
$17 billion, should be seen as good news. Yet the press hardly ever has
a positive word to say about Vista and its adoption.

Some  observers  might  attribute  the  press  response  to  some  sort  of 
Apple  bias  —  a  bias  that  is  most  obvious  whenever  Steve  Jobs  is  about 
to  put  on  some  public  show.  But  any  such  bias  —  if  it  exists  —  does 
not  seem  to  be  the  primary  reason  for  the  negative  comments. 

At this point I need to say that I have a carefully cultivated ignorance
of Windows Vista. As regular readers know well, I have been using Macs
since 1983. I used Macs along with Unix machines for some of that time,
but it’s been Macs exclusively since Tenon Intersystems released MachTen
for OS 9 (BSD Unix as a Mac application). As far as I’m concerned, I have
the best of both worlds — the Mac interface and one of the better Unix
systems around. Nevertheless, my pro-Mac bias is not why I’m writing
this column.

What did get me to write this column is Microsoft’s recent advertising
effort. So far, there has been huge publicity first about Microsoft
hiring Jerry Seinfeld (see www.nwdocfinder.com/6824), apparently to
humanize the company, then dumping him after two ads and starting a new
campaign that shows people identifying themselves as the computers they
use. The latter seems to me to be the result of an ad person on
hallucinogens watching Apple’s PC vs. Mac ads.

This is not the first time Microsoft has thought that throwing money at
advertising agencies and TV networks would somehow make its software
better. Microsoft announced an advertising blitz of “hundreds of
millions of dollars” when Vista was first introduced. Maybe those ads
helped push Vista (I remember thinking at the time that the ads were
quite forgettable), but they were not aimed at me.

The Seinfeld ads were also not aimed at me — I’m not quite sure just
whom they were aimed at. The first ad was unforgettable (unfortunately —
it is hard to put the image out of my mind of Bill Gates wagging his
tush). The only result of the ads that I could see was the blitz of
negative comments about them from about every corner (for example,
Newsweek said “hiring a TV star from the 1990s to fix Vista’s reputation
only adds to the impression that Microsoft is in a time warp”).
Interesting factoid: One of the Apple “think different” ads, which seem
to be lurking in the subconscious minds of the Microsoft ad people, also
featured Seinfeld.

The  main  thing  I’ve  seen  resulting  from  the  new  ads  is  a  rekindling  of 
press  comments  that  paint  Vista  as  a  failure,  at  least  in  the  business 
world.  Naturally  any  discussion  of  this  type  does  devolve  into  a  Mac  vs. 
PC  rant  fest. 

Maybe  Vista  is  great,  but  it  seems  to  me  that  an  ad  campaign  whose 
tagline  is  “life  without  walls”  is  not  an  ideal  way  to  sell  something 
called  Windows:  One  does  not  need  windows  if  one  does  not  have 
walls. 

Disclaimer: I am not privy to any Harvard decisions on Windows versions
or advertising for them, so the above observations are mine, not the
university’s.

Bradner is Harvard University’s technology security officer. He can be
reached at sob@sobco.com.

Calculating the cost of communicating


At a recent trade show, I happened to mention that some of my more
forward-looking clients have created “communications calculators” that
enable them to predict — with a high degree of accuracy — what the
communications costs will be for moving or adding employees. Let’s say
a business unit owner wants to shift 5,000 employees from site A to
site B — how will that affect communications costs?

Not surprisingly, the first question I got was: “How do I build one of
those?” Here’s what I suggest:

Start by investing in products that enable you to accurately identify
application flows through the network — by type, site and user. Track
this over time to determine long-term trends, so you’re aware of what
percentage of the WAN is being consumed by which applications.

While you’re gathering that data, make sure you’re investing in asset
management technology. Be aware of which hardware and software assets
you’ve got, what’s being used and what’s idle, and by whom it’s being
used. Count everything: licensing fees for unified communications
applications, hard and soft IP and TDM phones, and all data networking
gear.

Also audit your WAN service contracts. Try to arrive at a consistent
dollars-per-megabit-per-second metric for different traffic and service
classes. In other words, if you’re still using plain old telephone
service, convert your voice traffic from cents per minute to dollars per
megabit. Rank your MPLS, private-line, and legacy frame/ATM data traffic
the same way (you may need multiple ratings if you’re paying for
differential class of service). And don’t forget wireless — it’s an
increasingly important component of your overall communications spend.

Figure out how many people you have supporting your users, and what
they’re doing. Separate the folks who are doing architecture and
planning from direct support and break-fix — the former don’t increase
based on the number of users, but the latter do. A good ratio to have is
users-per-support staffer.

Take all this information and start crafting “user profiles.” You
shouldn’t need more than a handful, but you should be able to categorize
users fairly simply based on the following: application portfolio,
hardware configuration, LAN connectivity, WAN connectivity, support
requirements, geographic location, mobility requirements, telecommuting
requirements, and backup and recovery needs.

The user profile is essentially a map between users’ job functions and
their technical requirements. The idea here is to be able to fairly
straightforwardly build out definitions such as “a back-office
administrative worker has the following requirements” and “a
developer/engineer has the following requirements.”

Next, build out your model. Watch for step-function increases — places
where adding one more user necessitates upgrading a pipe from T-1 to
fractional T-3, or adding a new server or staffer. At the end of this
exercise, you should be able to estimate the communications cost of each
employee quite well.

Finally, loop in accounting. To perfect your model, compare your
estimated and actual costs, and investigate every discrepancy. Just a
few iterations will clarify where your model needs beefing up.

Johnson is president and senior founding partner at Nemertes Research,
an independent technology research firm. She can be reached at
johna@nemertes.com.

Integrating SaaS and legacy apps

Following  these  steps  can  help  simplify  the  job  of  bridging  environments 


TECH  UPDATE 

An  inside  look  at  technologies  and  standards 


BY  LOU  FOX 

While  the  task  of  integrating  on-premises  systems  with  software-as-a- 
service,  platform-as-a-service  or  cloud-computing  services  might 
seem  daunting,  the  process  is  simpler  than  you  might  imagine. 


The secret is focusing on why the business will benefit from
integration, what problem integration will solve and how to keep the
costs in line. Here are the key steps in an integration project.

Step 1 — Define the business process. Work with the business to define
the processes from the user perspective that require integration so you
can figure out the answers to the following questions:

• How are employees using the on-demand system? Will it be the main
portal or used for particular tasks?

• Is integration driven by the need to leverage a shared business
process? For example, some organizations must vet all accounts before
they are officially added to the account master file. If users are
constantly creating accounts in a system such as Salesforce.com, the
organization may have a strong need for integration.

• Will integration involve connecting the on-demand application to a
larger workflow that extends across many departments and systems, such
as an order-to-cash and fulfillment process?

• Will the project require active or passive integration? Active
integration requires data to be moved between systems at the specific
request of the user. Passive integration moves data at scheduled times,
without any users triggering the process. Active integration requires
different technology than passive integration, and the efforts can vary
widely in cost and time.

Step 2 — Calculate the value. Determine the value of the integration to
the business, not by building a complex ROI model but by simply
outlining such basics as:

• How will the integration improve adoption of the business process?

• How will automating the process reduce operating costs?

•  How  will  it  drive  higher  sales  or  profit 
margin,  and  by  how  much? 

•  How  quickly  do  users  need  this  and  why? 

•  What  is  the  cost  of  not  integrating?  In 
wasted  hours?  In  incomplete  data?  Dollars? 

Step 3 — Determine technical requirements. Now that you’ve examined the
business issues, it’s time to think about technical solutions. The first
thing to remember is that, for the most part, on-demand systems have
APIs that are programming-language and tool agnostic (SOAP, REST, XML
over HTTP and so on). Confirm this with the vendor, ask yourself the
following questions and move on to Step 4.

•  How  are  you  integrating  your  premises- 
based  systems  today? 

• Do you have an ETL, ESB, EAI tool or have you been thinking about
getting one?

•  Are  you  a  custom  development  house? 

•  Are  there  software  tools  available  for  inte¬ 
grating  this  on-demand  application  rather 
than  building  and  supporting  it  from  scratch? 

Step 4 — Risk assessment. Now that you have confirmed that this
on-demand system has a rich API, examine the following areas:

• Look at your staff’s skill set and ask yourself: Are you more likely
to have a successful project using your current tools and staff, or by
bringing in new staff and software? And yes, new software means new
staff, or at least retraining your existing staff.

• A great way to reduce risk is to iterate instead of delivering all the
functionality at once.

• If you are evaluating an integration solution, is the company selling
that solution viable? After all, vendors in the integration market tend
to be either dot-coms or companies that have been dropping in value over
the past eight years. (Note: Over the past eight years such standards as
SOAP, REST and XML have been driving down the complexity in integration
and the need for big middleware products.)

Step 5 — Solution selection. Now that you have a few options on the
table, it’s time to judge them and pick out the best one for the problem
at hand. The best way to do that is by asking the following:

• What is the total cost of ownership (TCO) of each solution? Remember
to factor in these issues:

Custom code requires staff to maintain and enhance. Your environment
will change regularly. Don’t assume it will be static.

You may think you are an exception to this rule. You are not.

Many products are similar to custom code. If you are writing if/then for
loops, for example, you are coding and you need to have people in-house
who are trained in this tool and are able to maintain it and enhance it.
Or you need to calculate the costs of a professional-services provider
to code and support your integration effort.

And,  while  it  may  seem  obvious,  don’t  forget 
about  the  cost  of  the  tool. 

•  Is  the  TCO  low  enough  to  justify  an  ROI 
case? 

•  Will  this  solution  get  the  job  done  quickly 
enough  to  keep  the  business  happy?  Will  it  be 
easy  enough  to  change  as  the  business 
changes? 

•  Does  the  initiative  require  a  project  that 
will  be  measured  in  months  or  years? 

•  What  is  the  success  rate  for  integrating 
with  this  technology,  using  the  software  tools 
that  you  are  choosing? 

• What effort will it take to track down issues? For example, say your
integration project involves a large workflow that extends across
systems, departments and so on. If an order becomes stuck somewhere
along the line, what effort will it take to figure out where it got
stuck? If an error happens, will you know before the business complains?

By taking this careful approach to determine the best model for
integrating on-premises systems with hosted solutions, you’ll be sure to
reap the benefits such solutions provide.

Fox is CTO for Bluewolf and can be reached at Louf@bluewolf.com.


More  Chrome  details 


Last week I discussed Google’s Chrome Web browser and I got some great
feedback and some less so. On the great side was an old colleague from
Novell who said it was “by far the most interesting and informed . . .
commentary I have read on Chrome.”

On the “less so” side was “Alex” who posted in the Gearhead forum “Your
analysis is very basic, but fairly good.” Thanks. I think.

Alex added: “Chrome, at least for the first year of its life, is mainly
intended for home users.” Sorry Alex, but Google’s goal is much bigger
than targeting the home consumer market. It is trying to build a
platform for running applications delivered by the Web that relegates
the operating system to a supporting role (Microsoft should be nervous).

You can eventually run software as sophisticated as today’s personal
productivity applications by downloading them through your browser with
your data stored in the “cloud”, the prevailing user computing model
that has been in place for thirty years is no more. Paradigm shift is
what Google is trying to achieve.

The deep technology that underlies Chrome that I didn’t have space to go
into in my “very basic” discussion is what will drive this new model.
For example, Chrome uses multiple processes (one for each tab) instead
of multiple threads, which provides better performance and memory
management, and should prevent lockups and complete browser crashes
because of the contents of a tab crashing. Chrome also has a JavaScript
engine that is supposed to be significantly faster than the one in
Firefox and much faster than Internet Explorer.

As to overall performance, there have been some interesting, albeit
preliminary, tests. For example, a posting titled “Burning Chrome,
Screaming Firefox, Lame IE” on the Open-Xchange blog concluded: “Google
Chrome does not quite match the performance of Firefox 3, but in
numerous tasks performed faster than Windows Explorer 7 ... Google has
delivered with Chrome a technically up-to-date Web browser, which
performs nicely with demanding AJAX applications”.

If you want more information about what’s under the Chrome hood, check
out Google’s Chrome comic book and an interesting Wired article on the
history of Chrome.

Don’t dismiss Chrome and don’t classify it as another consumer-oriented
browser. If Google can pull the browser rabbit out of the beta release
hat, then much of what we do with PCs could change significantly. At the
very least it could lead to new and improved architectures in other
browsers.

Speaking of browsers, a reader who had just switched to Firefox 3 wrote
that when Firefox was running “every couple of minutes there was a
flurry of hard drive activity, lasting maybe 10 or 15 seconds ... I
didn’t see any Internet activity taking place, so I’m not sure what was
happening, but I didn’t like the idea that my drive might be scanned
periodically without my knowledge or permission.”

Interesting. I queried my friends on the-list-that-shall-be-nameless and
a suggestion was made that as Firefox 3 switched from using .ini and
.xml files for storing data to using SQLite, this might explain the disk
access as housekeeping.

The absence of Internet activity may not be correct though. Both
browsers and their myriad extensions are always calling back to their
motherships, which will probably also trigger disk accesses. Mozilla
recently published an article about Firefox making “unrequested”
connections that is worth reading.

Gibbs  can  be  reached  at  gearhead@gibbs.com. 


GEARHEAD 


Mark  Gibbs 


Sonos  and  Logitech’s  rocking  systems 


The  scoop:  Sonos  Multi-Room  Music  System, 
Bundle  150,  by  Sonos,  about  $1,150. 

What it is: The latest version of the Sonos music system includes
updated Wi-Fi connectivity (it uses 802.11n as its wireless bases, but
still uses proprietary wireless mesh technology to connect multiple
players together) and updated software.

Since I last tried the system, Sonos has also made deals with several
music services to let users listen to Rhapsody, Pandora, Napster and
Sirius Satellite Radio through the system. The Bundle 150 includes two
ZonePlayer devices (the ZP90 and ZP120) and a ZoneController. Users only
have to connect one ZonePlayer (or a $99, sold separately ZoneBridge) to
a network router, and the rest of the players work wirelessly over the
Sonos mesh. Once connected, the players can play Internet radio, or
music stored on a PC (after installing Sonos Desktop software) or a
network-attached storage (NAS) drive.

Why it’s cool: The system is designed for users who want music played
all throughout the house, and simultaneously — if you could be in two
rooms at the same time, you’d notice that the music was playing in
perfect sync. Or you could play one song in one room and a second in
another room. The Sonos Controller provides easy access to music stored
locally or over the Internet.

Some caveats: The price may turn away some users, especially if they’re
not committed to the multi-room music concept. If you just want
networked music in one room, less expensive options are certainly
available (see next review).

Grade:  ★★★★  (out  of  five). 

The  scoop:  Squeezebox  Boom  Network  Music  System,  by  Logitech, 
about  $300. 

What it is: The latest device in Logitech’s Squeezebox line of network
music players, the Boom includes a 30-watt digital amplifier and
speakers, and the ability to connect to a home network via Ethernet or
802.11g wireless. Once connected to a network, the Boom can access music
stored on a PC hard drive or over the Internet (through the
SqueezeNetwork online music service).

Why it’s cool: The Boom offers a nice all-in-one system (interface,
30-watt digital amplifier and speakers) that can still access tons of
music over a home network. The portability of the Boom lets you place it
in separate rooms, and Logitech says that multiple Boom devices can play
different songs or synchronized together to create a multiroom system
(we only received one Boom, so we couldn’t test this claim). The system
has an easy-to-use remote to access music, and a line-in port lets you
connect an iPod or other music player. The access to lots of online
music services is very impressive.

Some caveats: Setting up an account for SqueezeNetwork to access all of
the digital music services is a hassle. The system can’t access music
stored on a networked hard drive, so to listen to locally stored music,
you either need to leave your PC powered on, or upload your music to
SqueezeNetwork.

Grade: ★★★★

Shaw can be reached at kshaw@nww.com.

CLEAR CHOICE TEST VIRTUALIZATION PLATFORMS


Virtual  winner:  VMware’s  ESX  KOs 
a  roughly  built  Hyper-V  package 

VMware  wins,  due  to  the  manageability,  stability  that  come  with  maturity 


BY  TOM  HENDERSON  AND  BRENDAN  ALLEN, 

NETWORK  WORLD  LAB  ALLIANCE 

When the dust settled in the lab after two long months of testing
Microsoft’s Hyper-V and VMware’s ESX for performance, compatibility,
management and security, it all boiled down to two issues: experience
and religion.

VMware  ESX  took  home  our  Clear  Choice  award  because  it  showed 
depth  and  maturity  in  our  performance  and  qualitative  analyses  of  the 
hypervisor  and  the  first  tier  of  management  tools  offered  by  each  ven¬ 
dor.  On  the  other  hand,  Hyper-V’s  components  were  very  Windows 
focused  and  very  rough. 

Performance, as reported earlier this month, heavily favored ESX,
although Hyper-V edged it out in a few contests (see
www.nwdocfinder.com/6721).

On the compatibility front, Hyper-V’s early lead in the number of
supported hardware platforms (based on the widespread support for
Windows Server 2008 itself) is completely offset by a dearth of support
for non-Windows virtual-machine (VM) operating systems. VMware’s
supported-hardware list is shorter, but its support of a comparatively
vast number of operating systems made us cheer (see “The issue of
virtual compatibility,” page 32).

In addition, VMware’s VirtualCenter management platform is mature and
straightforward in the ways administrators can use it to control
resident VMs on a VMware host. VMware’s Virtual Infrastructure Client
(VIC) is the administrative user interface to the VirtualCenter
platform.

Microsoft’s System Center-Virtual Machine Manager (SC-VMM) 2008 (we
tested a very late beta version which Microsoft guaranteed was feature
complete) works with very strong ties to the underlying Active Directory
and has an interface that fits right into Microsoft’s System Center
scheme, so administrators won’t have to work hard to understand how it
works. That said, things from standard management tasks — viewing simple
settings for a VM host, for example — to much-touted advanced features —
such as the ability to migrate ESX VMs to Hyper-V — caused SC-VMM to
crash repeatedly during testing.

Regarding these hypervisor environments’ security options, we found that
both vendors need to beef up their authentication protection methods and
provide a designated, secure store for VM images.

Either virtualization platform can be dressed up with add-ins that cover
everything from eye-catching GUIs to fast tracking for priority
applications, to special-interest support for favored hardware
platforms. These options could be combined effectively to be all things
to all people, but we had to select the components we tested to get an
even comparison.

Our line in the sand was to select the basic bundle, which was composed
of the hypervisor itself and the management tools needed to build,
execute, monitor and maintain a production VM infrastructure.

Our test combinations were Microsoft’s Hyper-V using SC-VMM 2008 vs.
VMware’s ESX Infrastructure Foundation package. We added just one option
to the VMware foundation: VirtualCenter for ESX, which, like SC-VMM, is
a starter kit for managing multiple virtualized host platforms. These
additional software elements make the two hypervisor platforms
equivalent.

Although we only rarely test nonproduction software, we chose to use
SC-VMM beta (Build 0991.1) in testing Hyper-V because it is close to
public release and Microsoft contended it was feature complete and on
target to be ready for a September release. That said, Microsoft has
since missed that release target date and is now saying it won’t even
RTM for another 30 days. We’ll likely take another look at the shipping
code and compare it with what we found in this initial round of testing.
What we found was that SC-VMM crashed frequently, needed to be patched
heavily and required a lot of configuration limitations that aren’t
supposed to be in the final production product.

NETRESULTS

Product: Hyper-V RTM 1.0 with beta version of SC-VMM 2008
Vendor: Microsoft, www.microsoft.com
Price: Microsoft Hyper-V ships with Windows 2008 Enterprise edition,
which starts at $1,500. Stand-alone version of SC-VMM expected to be
$675.
Pros: Simple basic installation; extensive hardware platform support.
Cons: Limited OS compatibility; management tools are late and barely
working; performed generally more slowly than ESX in testing.
Score: 3.5

Product: VMware ESX 3.5.1 with VirtualCenter
Vendor: VMware, www.vmware.com
Price: VMware ESX Infrastructure 3.5 (Foundation edition with
VirtualCenter) $2,000.
Pros: Better OS compatibility; VMotion live-migration tool increases
flexibility; faster performer overall with good SMP kernel support.
Cons: Hardware-compatibility list is shorter than Microsoft's; weak
passwords raise security issues.
Score: 4.25

SCORECARD

Setup, compatibility and migration (25%): Hyper-V 3.0; VMware ESX 4.5
Administration and management (25%): Hyper-V 3.5; VMware ESX 4.0
Performance* (25%): Hyper-V 3.5; VMware ESX 4.5
Security, monitoring and event management (25%): Hyper-V 3.00; VMware ESX 4.00
Total: VMware ESX 4.25

Scoring key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average;
1: Subpar or not available.

Microsoft, with its System Center Virtual Machine Manager 2008 software,
provides a centralized console for viewing performance parameters of all
Hyper-V host servers on the network.

The  tools  of  the  VM  management  trade 

Because  virtualization  is  usually  part  of  a  server-con¬ 
solidation  project,  rapid  VM-instance  generation,  move¬ 
ment,  monitoring  and  trouble  assessment  can  be  criti¬ 
cal  to  the  virtual  deployment  because  a  single  server 
usually  represents  many  production  processes. 

We built dual Hyper-V and ESX servers to gauge how each hypervisor
design handled hosting both new and consolidated virtualized
operating-system and application instances. We assessed the system’s
flexibility in creating new VM guests, tested the primary tools that do
the heavy lifting when discrete physical servers are moved to virtual
servers (a process known as P2V), and reviewed how the tools provided
helped in ongoing management of all guests.

For ongoing monitoring capabilities, we took into account the depth of
the characteristics each product could track and how those were
communicated in the form of logs and reports. We also assessed the
flexibility of the VM security choices.

VM  management  tools  need  to  perform  at  least  four  basic  functions: 
managing  the  drivers  to  be  used,  updated  or  deleted  for  the  corre¬ 
sponding  hardware  connections  to  the  hypervisor;  allocating  and  build¬ 
ing  VM  spaces  for  guests;  monitoring  ongoing  characteristics  (CPU,  disk 
space,  I/O)  and  alarming  events;  and  loading,  unloading  and  backing 
up  discrete  VMs. 

Microsoft’s  SC-VMM  assists  in  controlling  Hyper-V  guests  from  remote 
(nonvirtual-server  host)  locations.  Hyper-V’s  GUI  rides  on  Windows  and 
connects  to  the  SC-VMM  2008  administrative  engine  running  on  the 
same  machine  as  Microsoft’s  Active  Directory  Domain  Controller  and  a 
version  of  Microsoft  SQL  Server.  SC-VMM  installs  an  agent  on  each 
Hyper-V  VM  it  manages. 

VMware’s  ESX  and  its  hosted  VMs  are  monitored  and  manipulated  by 
VirtualCenter,  which  runs  as  a  background  Windows  application  on  the 
virtualized  server  or  another  Windows  machine  connected  to  it. 
VirtualCenter  requires  that  SQL  Server  Express  Edition  be  installed  for  it 
to  function  properly  as  a  management  data  store  and  that  an  agent  be 
installed  on  each  ESX  server. 

Both  SC-VMM  and  VirtualCenter  perform  their  management  missions 
to  varying  degrees  of  success. 

Microsoft,  as  was  mentioned  several  times  in  our  performance  dis¬ 
cussion,  offers  a  free  Linux  Interface  Connector  (LinuxIC)  kit,  which 
has  three  components  (CPU/memory,  I/O  drivers  and  key¬ 
board/mouse)  to  speed  Novell  SUSE  Linux  Enterprise  Server  (SLES) 
versions  10.1  and  10.2  VMs. 

Like  LinuxIC,  an  optional  ESX  add-in  called  VMTools  adds  network 
and  block-memory  drivers  and  faster  graphics-translation  speed  to 
VMware  ESX  guest  operating  systems  (there  are  versions  for  both  Linux 
and  Windows)  if  desired. 

When Hyper-V is controlled by SC-VMM, the administrator can turn a
VM guest on or off remotely or have it shut down gracefully. Also,
through Active Directory, administrators are supposed to be able to
manage which users can access the VMs. An administrator can, of
course, limit what users can do: for example, start and stop machines,
pause and resume, make checkpoints, remove machines, create new
VMs, and be a local admin for them. The feature wasn’t camera ready
when we tested it: It crashed the SC-VMM application repeatedly.

SC-VMM also drives the importation of VM images and is supposed to
be able to import ESX VMs to Hyper-V, but that didn’t work in our
SC-VMM beta code. On that same cross-platform note, the same function in
ESX — importation of Hyper-V images — also didn’t work. No points
were awarded either vendor for cannibalizing a competitor’s images.

VMware’s VirtualCenter can do many of the things mentioned above
(turn machines on and off, shut down, reset). We were also able to
create template images to be used as a base to create images later, or
clone a VM (while it’s turned off). Also, we were able to assign
permissions to each VM, enabling different users and groups (via Active
Directory/Local Users) to access that VM or group of VMs.

Another thing you can do with VirtualCenter is set up what’s called a
resource pool, which allows you to divide resources more easily among
multiple VMs. For example, let’s say you have six VMs. You would like two
to use 60% of the resources on that system and four to use 40%. You can
create two resource pools and assign the VMs to one. This way you don’t
need to worry about assigning resources to individual VMs.

Building  a  virtual  host 

We  used  several  steps  after  installation  to  prepare  virtual-guest  slots  on 
our  Hyper-V  and  ESX  hosts.  We  then  populated  them  to  emulate  server 
migration  and  consolidation  processes.  Once  either  hypervisor  was 
installed,  we  could  generate  guest  instances  that  served  as  holding 
spots  for  installable  operating-system  and  application  instances  on 
physical  servers  that  we  wanted  to  migrate  to  our  host  servers. 

Both Hyper-V and ESX allowed us to install guest instances without
the aid of the SC-VMM and VirtualCenter tools, respectively, then
install a premade VM instance or an operating system from a CD or
DVD, or install from a network source or share. The additional
management tools can be helpful in this process, serving as a user
interface to the hypervisor. Both tools eased common VM-instance
management tasks, such as duplicating, creating, copying, and allocating
and reallocating resources. For moving existing operating-system and
application pairings to a virtual host, the hypervisors have a similar
procedure that captures a server instance and imports it into a
virtual guest slot that we prepared.

This  process  of  copying  a  current  physical  server  to  a  target  server  is 
known  as  cloning.  There  are  two  primary  P2V  cloning  methods  that 
both  hypervisors  support:  migrating  from  a  disk  image  and  cloning 
from  a  live  production  server. 

Unfortunately,  Microsoft’s  P2V  process  couldn’t  be  tested  because 
this  portion  of  the  beta  application  crashed  despite  lots  of  patching, 
intricate  settings  tweaks  and  calls  to  advanced  technical  support.  It’s 
not  ready  yet. 

VMware’s P2V application is an optional extra called VMware
Converter; when we tested it, it worked well in most cases as long as the
hard-disk controller was supported. It mainly worked best with
Windows, where we could produce live clones from Windows XP and
Windows Server 2003 images. Cold-cloning Linux and Windows Server
2008 VMs required some extra setup steps after they were copied.

Images of working VMs then can be used as the basis of replicas for
other VM guests. The images, however, are in known formats and can be
mounted as file systems for manipulating the content files and folders.
Hyper-V uses a cross-Windows file format called VHD, and ESX uses a
published system called VMDK.

Some organizations use virtualized images for distribution, and
images may need to be customized to make the image unique (a general
Windows requirement for identification) or to load specific software
combinations as a payload for a targeted distribution of the
virtualized physical hardware instances to other locations.

With both products, we found that mounting and editing images can
be simple but also runs the security risks we talk about in detail below.

Migrating  images 

Migrating  VMs  from  one  server  host  to  another  is  done  for  a  variety  of 
reasons,  ranging  from  load  balancing  to  application  aggregation. 

For  our  direct  comparisons  here,  migrations  revolve  around  taking 
snapshots  of  existing  working  VM  guests,  then  moving  these  images  to 
new  target-server  hypervisor  hosts. 

VMware offers an optional live-migration tool called VMotion. Our
experience with VMotion is that it can move images within seconds
from one server hypervisor to another. Microsoft recently announced
that a similar service for Hyper-V won’t be available until 2010, a serious
deficiency if we were to include this in our direct comparison.

By  using  snapshots  under  Hyper-V  we  were  able  to  capture  live  sys¬ 
tem-state  data  on  either  Windows  Server  2008  or  Novell’s  SLES  10.2  VMs. 

It  took  a  loaded  machine  seconds  for  the  snapshot  to  complete.  The 
snapshot  feature  can  be  used  to  roll  back  or  restore  a  server’s  use  state, 
but  there  are  implications.  For  example,  as  transactional  states  of  appli¬ 
cations  are  frozen,  the  server  becomes  unavailable  for  a  short  period  of 
time;  users  thus  may  find  their  applications  performing  badly  because 
they  cannot  access  the  server  while  the  snapshot  is  being  taken.  Further, 
an  image  rendered  from  a  system-state  snapshot  and  subsequently  used 
as  an  instance  on  another  machine  might  not  be  supported  in  operat¬ 
ing-system  and  application  licensing.  Microsoft  recently  changed  its  pol- 
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The  issue  of  virtual  compatibility 

MS has the hardware support, but VMware supports more operating systems


Both  hypervisors  we  tested  have  requirements  for  the 
hardware  they  can  run  on  and  the  virtual  machines  they 
can  support. They  both  require  a  supported  hardware 
platform  with  a  64-bit  virtualization-enabled  Intel  or  Advanced 
Micro  Devices  CPU.  Sufficient  memory  is  needed  to  support 
the  guests  that  will  inhabit  the  virtualized  atmosphere. 
VMware’s  ESX  displaces  less  than  half  a  gigabyte  of  memory 
for  its  own  use.  Hyper-V  must  live  on  (some  will  argue  adja¬ 
cent  to)  an  edition  of  Microsoft  Windows  Server  2008  (the 
choice  of  edition  decides  the  number  of  guests  and  requisite 
costs  of  hosting)  but  takes  up  a  nominal  amount  of  extra  oper¬ 
ating-system  space.  Microsoft's  recommended  base  memory 
requirement  is  2GB  —  but  includes  room  for  Hyper-V  and  a 
Windows  Server  2008  base  instance. 

Hardware choices can be complex because both server and
peripheral cards (generally network interface cards, and a
disk/host bus adapters infrastructure) need to be supported by
the hypervisors as well. Hyper-V runs over any platform that suits
Windows Server 2008 editions — a very long list. The Windows
Server site lists approved hardware and software and outlines
how to use Hyper-V on top of Windows Server 2008 running in
64-bit mode atop a V- or VT-enabled CPU.

In  contrast,  VMware’s  ESX  compatibility  list  includes  many 
servers  from  the  top-tier  equipment  vendors  —  IBM,  Dell  and  HP 
—  but  overall  the  list  is  far  shorter  than  that  for  Hyper-V. 

General,  white-box,  64-bit  AMD  and  Intel  machines  are  not  sup¬ 
ported  officially  by  either  virtualization  platform.  If  they  are 
equipped  with  the  right  virtualized  processors  and  BIOSs,  they 
might  work,  but  support  for  the  problems  found  in  these  hosts 
might  not  be  forthcoming. 

Knowing the infrastructure and administrative ins and outs of
Windows Server 2008 editions is the ticket to a simple and fast
installation of Hyper-V because it runs as a server role snap-in.
No initial Hyper-V configuration is required if Windows Server
2008 is installed already. By contrast, VMware’s ESX installs like a
typical Linux distribution but with a graphical front end. Both
hypervisors were easy to install on our platforms, which were
known to be compatible with their product families.

The  list  of  operating  systems  that  can  be  migrated  to  each  plat¬ 
form  stands  squarely  in  favor  of  VMware’s  ESX. 

ESX's advantage comes in part from the fact that it supports
many versions of Windows operating systems — more than
Hyper-V, in fact — ranging from user operating systems
(Windows XP and Vista Professional in x86 or x64 versions) to
Windows Server operating-system flavors (from Windows 2000
through Windows 2003 x86 or x64 versions to the latest cuts of
Windows Server 2008 Data Center and High Performance Cluster
versions). It also supports Windows NT.

The  other  reason  for  ESX's  edge  here  is  that  Hyper-V  —  as 
Microsoft  certifies  —  supports  only  one  version  of  Linux, 
Novell's  SUSE  Linux  Enterprise  (SLES)  10  Service  Pack  1  or  2, 
in  x86  and  x64  versions.  However,  only  one  virtual  processor  is 
supported  for  each  virtualized  instance  of  SLES  10  SP  1  or  2. 
Microsoft’s  Connectix  acquisition,  which  brought  Microsoft 
Virtual  Server  to  market,  initially  supported  a  vastly  wider 
variety  of  guests.  For  Hyper-V  support  of  Linux,  Microsoft's 
relationship  with  Novell  has  Microsoft  buying  hundreds  of 
thousands  of  SUSE  Linux  support  kits  for  Microsoft's  (and 
their  customers’)  use. 

VMware’s ESX, in contrast, supports a long list of other operating
systems. Those include Red Hat Enterprise Linux in numerous
editions, several editions of SUSE Linux and Ubuntu Linux,
FreeBSD, and Sun’s Solaris 10. It also supports Novell's NetWare.

—  TOM  HENDERSON  AND  BRENDAN  ALLEN 
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icy  to  allow  VM  instances  to  be  migrated  (for  various  versions  of  Win¬ 
dows)  from  one  host  to  another,  but  licensing  prohibits  spontaneous 
movements of VM instances, whatever their state. That state also may
represent application or file states that when reinstantiated require
maintenance. Transaction states may have to be verified as well.

VMware’s Virtualized Consolidated Backup (VCB), which is included
in the VMware Infrastructure Foundation edition we tested, adds full
and incremental backup of guest hosts to disk or tape. The file system
is quieted during backup to keep things synchronized, possibly and
temporarily removing VM guest operating systems and applications
from availability through the process. VMware says VCB also
can be integrated with CommVault Systems, EMC, HP,
Symantec, IBM/Tivoli and other backup applications, but we
did not test that level of integration.

VMware’s ESX uses two capture systems to pull VM
images, one that develops a VM image from a live, running
server and one that takes a shut-down server’s disk and
captures the state of the disk. We captured several operating
systems (see “How we did it” at www.nwdocfinder.com/6722)
and found that this is a simple process that
works well and consistently.

Monitoring  capabilities 

VMs  are  allocated  shared  resources  when  they’re  born, 
and  then  must  live  within  the  confines  of  those  settings. 

When  VM  instances  use  their  maximum  allocation  or  are 
allowed  constantly  to  plug  into  shared  (oversubscribed) 
resources,  administrators  need  to  know  so  that  the  help 
desk  doesn’t  light  up  with  complaints  of  apparent  appli¬ 
cation  inadequacy. 

We used SC-VMM’s instance-monitoring capabilities to
watch CPU, memory and disk use (how much and how
frequently) to gauge its capabilities vs. VIC’s ability to monitor
VM-performance attributes. To make a long discussion
short, they’re nearly the same: Both monitor important VM
characteristics. VIC comes out on top when it comes to
watching whether exceeding thresholds triggers an alarm. Thresholds
aren’t monitored inside SC-VMM because this requires the use of other
products in the Systems Center family. VIC, however, allowed us to set
thresholds in such areas as CPU use, where zero use meant that
perhaps an application had crashed, and hitting a ceiling meant the
application was peaking.

Using VIC, we set alarms based on conditions we needed to know
about, such as when CPU, memory, network or disk use went above or
below a certain threshold or when the machine state changed or there
was no VM heartbeat. There are three colors for severity: green, yellow
and red. Green means everything is fine, yellow is a warning and red is
trouble. Once an alarm was triggered, it was recorded in a log file. We
could set how often it would trigger again either by frequency (in
seconds) or tolerance (a certain percentage). We also could set an action
to follow when a trigger was set off. These actions included sending an
e-mail, sending a notification trap, running a script, powering a VM on or
off, suspending a VM and resetting a VM.

While  there  are  no  alarm  or  trigger  options  built  into  SC-VMM,  there  is 
a  limited  set  of  options  that  allowed  us  to  start  specific  VMs  as  the  serv¬ 
er  booted  up.  When  the  server  shut  down,  Hyper-V  saved  the  state  of 
VMs  and  turned  them  off. 

Security  could  use  some  beef 

We had security issues with both hypervisors in several areas. The
first big issue is the fact that the images used to build virtual guests
aren’t serialized or authenticated in either platform. Should the image
storage area be accessible, only file-system time, date and
modification metadata will be able to indicate that a VM image has been used
or, worse, tampered with.


Because both hypervisors lack a native repository, images must be
stored in an area chosen by the administrator. They ideally would be
authenticated through external methods, such as MD5 hashing,
rudimentary checksums or other ways to validate image contents. VMware
does embed an ID number into the image contents for enumeration
purposes, but not for authentication. Because ESX and Hyper-V produce
images in formats that are easily mountable file systems, hackers with
even rudimentary skills and file-system access can tamper with images.
This begs for at least a minimal image repository setup that records
authentication hashes or data to be included even in a basic bundle.
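
One way to build the minimal image repository check this paragraph asks for, as an added example that is not from the article or from either vendor. It uses SHA-256 in place of the MD5 the reviewers mention and seals the manifest with an HMAC so that someone with file-system access cannot simply rewrite it; the function names, file names and demo key are assumptions.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

IMAGE_SUFFIXES = {".vhd", ".vmdk"}  # the two image formats the review names


def hash_image(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so large images are never fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_images(image_dir):
    """Map relative path -> Path for every image file under the storage area."""
    root = Path(image_dir)
    return {p.relative_to(root).as_posix(): p
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() in IMAGE_SUFFIXES}


def seal(entries, key):
    """HMAC-SHA256 over the canonical JSON form of the manifest entries."""
    body = json.dumps(entries, sort_keys=True).encode("utf-8")
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(image_dir, key):
    entries = {rel: {"sha256": hash_image(p), "size": p.stat().st_size}
               for rel, p in find_images(image_dir).items()}
    return {"images": entries, "hmac_sha256": seal(entries, key)}


def verify_manifest(image_dir, manifest, key):
    """Compare the storage area with the manifest; content decides, not timestamps."""
    if not hmac.compare_digest(seal(manifest["images"], key),
                               str(manifest.get("hmac_sha256", ""))):
        raise ValueError("manifest HMAC mismatch: manifest altered or wrong key")
    on_disk = find_images(image_dir)
    report = {"ok": [], "modified": [], "missing": [], "unlisted": []}
    for rel, meta in manifest["images"].items():
        path = on_disk.get(rel)
        if path is None:
            report["missing"].append(rel)
        elif path.stat().st_size != meta["size"] or hash_image(path) != meta["sha256"]:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    report["unlisted"] = sorted(set(on_disk) - set(manifest["images"]))
    return report


def demo():
    """Run the check on constructed sample files in a temporary directory."""
    key = b"constructed-demo-key"  # assumption: real key is kept off the image store
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "web01.vhd").write_bytes(b"constructed VHD contents " * 64)
        (root / "db01.vmdk").write_bytes(b"constructed VMDK contents " * 64)
        (root / "notes.txt").write_text("not an image; ignored")
        manifest = build_manifest(root, key)
        clean = verify_manifest(root, manifest, key)

        # Same-size edit to one image, one image removed, one image added.
        target = root / "web01.vhd"
        data = bytearray(target.read_bytes())
        data[100] ^= 0xFF
        target.write_bytes(bytes(data))
        (root / "db01.vmdk").unlink()
        (root / "rogue.vmdk").write_bytes(b"constructed unlisted image")
        tampered = verify_manifest(root, manifest, key)

        # A manifest edited to match the changed file fails the HMAC check.
        forged = json.loads(json.dumps(manifest))
        forged["images"]["web01.vhd"]["sha256"] = hash_image(target)
        try:
            verify_manifest(root, forged, key)
            forged_rejected = False
        except ValueError:
            forged_rejected = True
    return clean, tampered, forged_rejected


if __name__ == "__main__":
    for result in demo():
        print(result)
```
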

We  also  found  that  ESX  doesn’t  police  password  strength  in  its  strictly 
Windows-based  VirtualCenter.  If  the  passwords  are  weak,  access  can  be 
garnered  through  dictionary  password  attacks. 


When  managed  through  SC-VMM,  Hyper-V  is  accessed  through  default 
or  defined  Active  Directory  passwords,  which  are  by  default  strong  and 
can  be  made  stronger  with  additional  authentication  methods. 

Third-party  authentication  devices  are  virtually  ignored. 
Controlled  access  to  both  hypervisors  is  lacking,  although  the  Win¬ 
dows  Server  2008  that  runs  underneath  Hyper-V  has  some  authenti¬ 
cation  mechanisms  in  place. Still,  there’s  no  direct  authentication  for 
either  Hyper-V  or  ESX. 

VMware added a basic firewall to surround itself and its VMs by
default when we installed it. The Windows Firewall components built
into Windows Server 2008 ostensibly protect Hyper-V VM guests, but we
didn’t assault either product to see if we could crack them. We could
fingerprint the VM guests if ports were open to do so, and therein lies an
unexplored attack vector.

Summary 

VMware’s  long-standing  virtual  history  has  given  the  ESX  product 
ample  time  to  mature  to  a  very  stable,  usable  product. 

The “dribbleware” nature of the release of virtualization products
from Microsoft — with Hyper-V, the LinuxIC kit and SC-VMM 2008
arriving six months, eight months and 10 months after Windows Server 2008
editions hit the streets — certainly won’t help with the rapid
deployment of Hyper-V in environments where it will earn its chops.
Microsoft’s development power is obvious, but the devil will be in the
technical details as Microsoft plays catch-up in the explosive
virtualization marketplace.

Henderson  and  Allen  are  researchers  for  ExtremeLabs,  of  Indianapolis. 
Contact  them  at  kitchen-sink@extremelabs.com. 
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VMware’s  Infrastructure  Client  component  —  backed  by  the 
VirtualCenter  management  engine  —  allowed  us  during  testing  to 
easily  build  and  monitor  VM  guests  across  multiple  server  hosts. 
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Addressing  Endpoint  References  and  Identity 
specification  from  IBM  and  Microsoft,  and  the 
Open  Source  Identity  Systems  (OSIS)  Feature 
Tests  from  Identity  Commons. 

The IMI group said in a statement it would
“assure the portability of Information Cards
content by defining a standard method of
transferring collections of Information Cards
between Identity Selectors.” The group says
Information Cards are relevant to Web 2.0,
consumer and corporate intranet applications.

“Having things be real standards created by
internationally recognized standards bodies is
important for adoption in certain sectors such
as government and telcos,” says Mike Jones,
director of identity partnerships for Microsoft
and the author of the ISIP. Jones says the
expectation is that other organizations, such as the
ITU, would recommend the use of the IMI’s
eventual standard.

“This  is  not  coming  out  as  a  surprise,”  Jones 
says.  “This  has  been  building  on  the  fact  that 
most  of  the  major  system  vendors  have  been 
working  together  to  achieve  interoperability 
among  Information  Cards  software  for  about 
two  years.  This  is  coming  at  a  logical  point.” 

The  OSIS  group  has  held  six  interoperability 
events  since  May  2007  that  have  included  var¬ 
ious  vendors. 

In  June,  Equifax,  Google,  Microsoft,  Novell, 
Oracle  and  PayPal  set  up  the  Information  Card 
Foundation  to  push  Information  Cards  as  an 
open,  interoperable  user-centric  identity  sys¬ 
tem  that  could  stretch  across  intranets  and  the 
Internet.  Deutsche  Telecom  and  Intel  later 
joined  as  board  members. 

There  are  now  about  40  separate  implemen¬ 
tations  of  different  parts  of  the  Information 
Cards  software,  Jones  says.  That  list  includes 
about  six  identity-selector  interfaces  available 
that  let  users  select  and  present  Information 
Cards. 

Microsoft’s  CardSpace  is  supported  in  Win¬ 
dows  XP  and  Vista.  Last  year,  Novell  introduced 
its  DigitalMe  Information  Card  selector  as  part 
of  its  Bandit  Project.  Developer  Chuck  Morti¬ 
mer  has  created  a  Java-based  identity-card 
selector  that  runs  in  a  browser,  and  developer 
Kevin  Miller  has  created  an  extension  for  Fire- 
fox  to  support  CardSpace.  IBM  has  an  imple¬ 
mentation  called  the  Eclipse  Higgins  Identity 
Framework  and  supports  CardSpace  in  its 
Tivoli  Federated  Identity  Manager. 

Web-site  operators  will  have  to  build  support 
for  Information  Card-based  technologies  into 
their  Web  sites,  which  basically  would  be  code 
that  asks  users  to  sign  in  using  a  CardSpace  ID 
or  other  similar  identity-selector  technology. 

Vendors  and  developers  have  been  free  to 
build  Information  Cards-based  identity  selec¬ 
tors  since  2006  when  Microsoft  released  its 
Open  Specification  Promise,  which  gives 
developers  access,  without  need  for  licenses 
or  fear  of  legal  action,  to  many  of  Microsoft’s 
Web-services protocols. ■


UTM 

continued  from  page  1 

Nickle, the IT director for Underwriters Safety
and Claims in Louisville, Ken., which uses an
Astaro Security Gateway UTM. It replaces two
devices — a Cisco PIX firewall and a Novell
BorderManager proxy — and provides
functions the company lacked before, namely,
intrusion protection, gateway antivirus and
SSL VPN.

Initially  Nickle  was  skeptical  that  the  device 
could  perform  all  its  functions  well,  but  he  says 
it  does,  and  generates  an  executive  report  daily 
that  he  finds  valuable  for  its  snapshot  of  the 
previous  day’s  activity  application  by  applica¬ 
tion.  It  reports  concurrent  traffic,  CPU  and 
memory  use,  the  number  of  packets  filtered 
and  top  users. 

“It answers 95% of the questions I might have
about the network,” Nickle says. For greater
detail, he can drill down to the activity of a
particular IP address or the top categories of
blocked URLs. Before, he had to dump logs
from BorderManager and sort them. The Astaro
reporting makes it easier to find data he needs
to comply voluntarily with Statement on
Auditing Standards 70 requirements, which
demonstrate to outside parties that companies follow
accepted auditing procedures.

Consolidating functions on a single device
has its upside, but not all users are satisfied that
UTMs provide the best protection. Cedarville
University, a 3,000-student school in Ohio, uses
paired SonicWall E7500 UTMs; still, other gear
that duplicates some of their functions is
desirable, says Nathan Hay, Cedarville’s network
engineer.

In  addition  to  firewalling  the  network,  the 
UTM  gear  performs  intrusion  prevention,  gate¬ 
way  antispyware  screening  and  URL  filtering, 
Hay  says. 

Hay chooses to double up the URL filtering
with a St. Bernard Software iPrism Web-filtering
appliance that offers more than the Web
filtering on the UTM, such as logging and built-in
reports, he says. “I get more complete features
with the purpose-built Web filter,” he says.
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Because  URL  filtering  is  available  on  the 
UTM  and  doesn’t  overtax  the  machine, 
however,  Hay  uses  it  with  the  theory  that 
one  filter  might  catch  something  the  other 
misses. 

Hay recommends making sure the UTM is
the right size. Initially the school had a smaller
SonicWall Pro 5060 that bogged down so Hay
turned off URL filtering and the
intrusion-prevention system (IPS), he says. With the larger
device processing the IPS and antivirus
screening, it runs at 30% of capacity or less. “The 7500
has lots of horsepower and we wanted it to
grow with us,” he adds.

Tift  Medical  Center  in  Tifton,  Ga.,  uses  a 
WatchGuard  Technologies  UTM  for  its  firewall 
capabilities  and  gateway  antivirus  screening, 
but  would  like  to  use  more  features,  such  as 
antispam  and  e-mail  filtering.  By  focusing  on  a 
single  device,  this  would  help  simplify  trouble¬ 
shooting  problems  and  finding  threats,  says 
Alan  Lewis,  the  medical  center’s  network 
administrator. 

“For  the  most  part  we  are  using  other 
things.  I’m  trying  to  move  more  and  more  to 
the  UTM  to  simplify  and  consolidate  my  net¬ 
work,”  Lewis  says. 

Lewis also doubles up some protection,
however. For instance, he uses both gateway and
desktop antivirus because he doesn’t believe
the gateway can stop all threats. “Not in a large
environment like ours. There’s too many ways
to get in,” he says.

He  uses  a  McAfee  e-mail  filtering  appliance 
in  addition  to  e-mail  protection  on  the  UTM, 
and  relies  more  on  the  appliance.  “I’m  not 
using  [UTM]  to  the  fullest.  It’s  on  a  low-level  set¬ 
ting  to  catch  the  obvious  things,”  he  says.  The 
specialized  device  is  used  to  do  deeper  in¬ 
spection,  he  adds. 

Lewis  says  he  ultimately  would  like  to  use 
the  WatchGuard  gear  for  antispam,  antivirus 
and  e-mail  filtering  to  reduce  complexity.  He 
has  separate  security-event-management 
tools,  firewalls  and  Zix  e-mail  encryption 
service  for  medical  businesses.  “I’ve  got  lots 
of  places  to  look,”  when  something  goes 
wrong,  he  says.  ■ 
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Palin’s  e-mail  and  expert  mistakes 


When a friend from the Czech Republic
brought me a bag of dried wild mushrooms
he had collected in his hometown,
I added them to an Alfredo sauce and
served it with linguine — fantastic. The flavor of
the mushrooms was insane!

I suppose I could go looking for mushrooms
around here, except for one thing: I’m not
stupid. I know nothing about picking wild
mushrooms, and because making a mistake could result in my last
gastronomic experience, it’s something I’ll happily leave to the experts. Of
course, sometimes experts make mistakes.

Consider  Yahoo.  The  company  offers  a  free  e-mail  service,  and  so  one 
might  reasonably  expect  it  to  be  expert  in  e-mail.  But  what  does  expert 
mean  in  this  case?  Well,  it  means  Yahoo  designed  a  solid  e-mail  service 
for  average  users.  For  average  users,  the  chance  of  being  singled  out  by 
bad  guys  and  having  your  account  compromised  is  very  low.  Not  so  for 
the  famous. 

Consider  the  plight  of  vice  presidential  candidate  Sarah  Palin.  She 
had  a  Yahoo  account  for  her  private  use,  and  a  miscreant,  for  reasons 
that  appear  to  concern  political  activism,  managed  to  get  access. 

You’ll  notice  I  didn’t  refer  to  this  account  breach  as  “hacking,”  for  the 
simple  reason  that  there  was  no  skill  involved.  All  it  took  to  gain  entry 
was  to  use  Yahoo’s  forgotten  password  feature  and  guess  the  answer  to 
the  challenge  question, “Where  did  you  meet  your  husband?” 

Figuring  out  the  answer  wasn’t  hard,  seeing  Palin’s  life  story  is  easily 
found  on  the  Internet.  Palin,  foolishly  as  it  turned  out,  gave  honest 
answers  to  all  the  challenge  questions. 

Allow me to digress for a moment and note the insane response with
which some of the press and analysts have greeted this event. For
example, PC Magazine wrote a piece titled “Why the Palin hack could
happen again and again,” which implies there was something special
about the breach. Please! There’s nothing special about this event, and
we can pretty much guarantee that exactly the same thing has happened
many times before without anyone caring.

Let’s be clear: Given her high profile, Palin was naive to ever
consider using a consumer e-mail service. You’d think that anyone who
wanted to ensure their privacy would be more circumspect about which
service to use and how to use it — but there you go: She didn’t know
better because e-mail is not an area she’s expert in.

You might think that Yahoo could have thought through the challenge
question method and realized there was a potential problem with users
providing honest and therefore guessable or findable answers — but the
company is giving away a free service without warranty.

Perhaps Yahoo should advise giving nonsensical answers to the challenge
questions, but it didn’t and it isn’t in any way at fault for not doing
so. So, the bottom line is that it’s not Palin’s fault any more than it
is Yahoo’s. It’s just one of those things.

Now  we  come  to  the  reaction  of  some  of  the  IT  world.  Network  World 
ran  a  poll  (www.nwdocfinder.com/6732)  asking  whether  “hacking” 
Palin’s  e-mail  was  wrong.  A  shocking  36%  of  respondents  agreed  that  it 
was  justified  given  the  circumstances. 

I find that incredible. How can IT professionals show such an
incredible lack of ethics to give a thumbs-up to what is a criminal
act? You’re supposed to understand the issues and be experts! Please
tell me your response was just a mistake and that you don’t collect
mushrooms.
Google has gone and redefined ‘beta’


The question of why so many Google products are classified “beta” — and
classified thus for so long — has knocked around the tech press for
some time. No one really seemed to know the answer, however — at least,
no one outside of Google.

Last week, the question begged for a concrete answer after someone
finally took the time to do a hard count of all those betas. According
to Web monitoring company Pingdom, almost half of Google’s products
carry the ubiquitous “beta” tag, including Gmail, which debuted way
back in the middle of our nation’s last presidential election season,
April 2004.

A  four-and-a-half-year-old  product  that’s  still  in  beta?  What  gives? 

I had no idea, as noted, but I set about getting an answer after
Pingdom determined that 22 of Google’s 49 products are in beta,
including such stalwarts as Gmail, Google Docs and Google Finance.
(Pingdom intentionally left Google Labs out of the mix.)

It turns out that Google doesn’t think about or use the word beta the
way that most of the rest of us have always done — and still do. We’ll
dissect that explanation in a moment, but first more about the tally.

“Everyone knows Google is fond of the beta label on its products, but
we wanted some actual numbers, so we went through all of Google’s
products to see how many of them are in beta,” Pingdom analyst Peter
Alguacil tells me. “It turned out to be a whopping 45%. As far as we
know, there is no other company that does this to the extent that
Google does.”

From Pingdom’s blog post: “Some products you can understand why they
are in beta, like Knol, Google Alerts, Custom Search, Google Chrome,
etc. However, a lot of products that you wouldn’t really expect are
still labeled as beta. ... We’re so used to seeing the little ‘beta’
tag next to the various Google product logos that we almost don’t
register it anymore. We even had to double-check that Gmail really
still was in beta.”

So,  I  asked  Google  for  an  explanation.  Here’s  the  statement  I 
received,  along  with  my  attempt  at  translation. 

“We  have  very  high  internal  metrics  our  consumer  products  have  to 
meet  before  coming  out  of  beta.” 

Excellent.  Who  would  expect  anything  less  from  Google? 

“Our  teams  continue  to  work  to  improve  these  products  and  provide 
users  with  an  even  better  experience.” 

As  they  should. 

“We believe beta has a different meaning when applied to applications
on the Web, where people expect continual improvements in a product. On
the Web, you don’t have to wait for the next version to be on the shelf
or an update to become available. Improvements are rolled out as
they’re developed.”

So,  people  expect  continual  improvement  in  their  Web  applications. 
Gotcha.  What’s  that  have  to  do  with  them  being  labeled  beta? 

“Rather  than  the  packaged,  stagnant  software  of  decades  past,  we’re 
moving  to  a  world  of  regular  updates  and  constant  feature  refinement 
where  applications  live  in  the  cloud.” 

Ah,  the  cloud. They’re  labeled  beta  because  they  live  in  the  cloud? 

—  No. 

Allow me to summarize: Google has decided to strip the word “beta” of
its traditional meaning, while simultaneously continuing to use it in a
traditional manner, which all but assures that no one will understand
what they’re trying to do.

Either  that  or  their  explanation  is  still  in  beta. 

Send  your  own  explanations  to  buzz@nww.com. 